Facebook has provided an update on the Cambridge Analytica scandal and it's not good news - specifically that anybody could have had their profile scraped by nasty people submitting phone numbers or email addresses they already have through Facebook's search and account recovery option. 

In a blog post, Facebook's chief technology officer Mike Schroepfer commented: "Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well" - more on that below. 

It was revealed last month that Cambridge Analytica obtained data from more than 50 million Facebook users without their explicit consent in order to influence them with ads. 

In the aforementioned 4 April blog post, Facebook subtly revealed that 87 million people, mainly in the US, rather than 50 million people as first thought, were affected by the Cambridge Analytica scandal. It's also implementing new changes.

Pocket-lint and other news sites have been digging to see what types of data Facebook collects and allows third-party apps to access. It was quickly discovered last month that Facebook collected call records and SMS data from Android device users for years. Facebook said it was an “opt-in feature” to improve its friend recommendations. Now, Facebook is promising it will delete all logs older than one year. 

Schroepfer also vowed: “In the future, the client will only upload to our servers the information needed to offer this feature,” meaning granular metadata like the time of calls won’t be uploaded. Plus, Facebook said it does not collect the content of messages. It is rolling out these changes as part of a previously announced three-part plan, which it's currently updating to include more restrictions on access to data.

For instance, starting immediately, Facebook said it will need to approve all apps that request access to personal information such as check-ins, likes, photos, posts, videos, events, and groups.

Furthermore, until now, people could enter another person’s number or email address into Facebook search to find them. Facebook has disabled that feature. You can see the full list of the new data restrictions from here.

Finally, starting 9 April, Facebook will roll out a new link at the top of the news feed that will show people what apps they use and the information they have shared with those apps. Recently, Facebook also made it easier to remove multiple apps from accounts all at once. Previously, you had to individually revoke each app's access, which was tedious, especially if you granted access to hundreds of apps.

Keep in mind CEO Mark Zuckerberg plans to testify before Congress next week to answer questions about Facebook's use of user data.

We got your primer here: