Facebook says Cambridge Analytica breach affected over 600,000 Canadians

"You never fully solve security, it's an arms race"


Facebook has confirmed that approximately 622,161 Canadian users have had their personal information shared with political analytics firm Cambridge Analytica.

It was revealed last month that over 50 million people had their information improperly shared with Cambridge Analytica, although it was unclear at the time how many Canadians may have been affected.

According to Facebook, over 23 million people use the social network in Canada.

Worldwide, Facebook says 87 million users had their data shared with Cambridge Analytica, meaning the Canadian statistic represents 0.7 percent of those impacted globally.

“You never fully solve security, it’s an arms race,” said Facebook co-founder and CEO Mark Zuckerberg during an ongoing press call.

Referring to third-party developers, Zuckerberg said “[Facebook’s] job was to give them tools and it was largely people’s responsibility how they chose to use them.” However, he acknowledged that Facebook didn’t do enough to prepare for any possible misuse of these tools.

“We made a mistake,” he said. “I made a mistake… There were too many apps and too many folks that had access to other people’s content. We need to take a broader view of our responsibility, not just the legal responsibilities.”

During the call, Facebook outlined a number of ways in which it will improve privacy on its site, including:

  • Facebook will offer users a bulk removal tool to prevent any third-party app from accessing their profiles
  • Going forward, Facebook will need to approve all apps that request access to public information such as likes, photos, posts, videos, events and location check-ins (Facebook says it started approving these permissions in 2014, with the new initiative marking tighter requirements to the process)
  • Apps can no longer ask for access to more private profile information like relationship status, religious or political views, work history and fitness activity
  • User accounts that have been inactive for over 10 months cannot be accessed by third-party apps at all
  • Facebook is limiting the amount of data that third-party developers can access on its sister app Instagram
  • Facebook confirmed it does not collect the content of messages and will delete all logs older than one year, as well as limit the types of data it uploads
  • Starting Monday, April 9th, users will see a link to a tool at the top of their News Feed to see what information they’ve shared with third-party apps
  • 20,000 additional people will be working on Facebook security by the end of the year, joining the 15,000 currently working in that area

“We’re not just building tools, but we need to take full responsibility for how people use those tools and the outcomes,” Zuckerberg said of Facebook’s new initiatives. “More people need to look at the privacy controls that [they] do have [and] we need to do a better job of putting those tools in front of people and not just offering them.”

When asked if anyone on Facebook’s board of directors have called for him to resign as chairman, Zuckerberg said “not that I’m aware of.” He said he feels he’s the best person to run Facebook going forward, adding that “life is about learning from mistakes and moving forward.”

“When you’re building something like Facebook that is unprecedented in the world, you’re going to mess some things up,” Zuckerberg said.

In response to the press call, Cambridge Analytica has taken to Twitter to publish a statement on the matter.

However, it’s important to note that The New York Times reported that not all of the seized data had been deleted immediately after news of the breach first surfaced. “Copies of the data still remain beyond Facebook’s control,” The Times wrote in its report. “The Times viewed a set of raw data from the profiles Cambridge Analytica obtained.”

Related Articles