Facebook is facing its worst privacy scandal in years following allegations that a Trump-affiliated data mining firm, Cambridge Analytica, used ill-gotten data from millions of users to try to influence elections.
The company said as many as 87 million people might have had their data accessed — an increase from the 50 million disclosed in published reports.
Most of the affected users are in the US, while 311,127 Australians were listed as potentially having had their information "improperly shared".
Cambridge Analytica has denied wrongdoing. It said it engaged a university professor "in good faith" to collect Facebook data in a manner similar to how other third-party app developers have harvested personal information.
Initial reports said 50 million Facebook profiles were obtained by Aleksandra Kogan using an app that collected the data of people who were paid to take a personality test, and the data of their Facebook friends.
The same article said Dr Kogan had a deal to share the data with Cambridge Analytica. The man who blew the whistle on the company, Chris Wylie, said the firm then used it to a create software that ultimately influenced how people voted.
Roughly 270,000 people downloaded and shared personal details with the app, which then "crawled" through their social networks to grow that number, Mr Wylie said.
Video: A former Cambridge Analytica employee says the firm used "information dominance" to spread fake news (ABC News)
What is Facebook doing about it?All Facebook users will receive a notice on their Facebook feeds with a link to see what apps they use and what information they have shared with those apps.
They will have a chance to delete apps they no longer want. Users who might have had their data shared with Cambridge Analytica will be told of that.
With outsiders' access to data under scrutiny, Facebook outlined several changes to further tighten its policies.
Facebook is restricting access that apps can get about users' events, as well as information about groups such as member lists and content.
In addition, the company is also removing the option to search for users by entering a phone number or an email address.
While this helped individuals find friends, Facebook said businesses that had phone or email information on customers were able to collect profile information this way.
This comes on top of changes announced a few weeks ago. For example, Facebook has said it will remove developers' access to people's data if the person has not used the app in three months.
Photo: Facebook's Mark Zuckerberg apologised with ads in multiple US and British newspapers. (AP: Jenny Kane)
It has a new section explaining that it collects people's contact information if they choose to "upload, sync or import" this to the service. This may include users' address books on their phones, as well as their call logs and text histories.
The new policy said Facebook may use this data to help "you and others find people you may know".
The previous policy did not mention call logs or text histories. Several users were surprised to learn recently that Facebook had been collecting information about whom they texted or called and for how long, though not the actual contents of text messages.
It seemed to have been done without explicit consent, though Facebook said it collected such data only from Android users who specifically allowed it to do so — for instance, by agreeing to permissions when installing Facebook.
Video: ScienceAlert editor Seamus Byrne says users are beginning to realise just how much data Facebook has, and what it enables. (ABC News)
Facebook also added clarification that local laws could affect what it does with "sensitive" data on people, such as information about a user's race or ethnicity, health, political views or even trade union membership.
This and other information, the new policy states, "could be subject to special protections under the laws of your country".
But it means the company is unlikely to apply stricter protections to countries with looser privacy laws — such as the US, for example. Facebook has always had regional differences in policies, and the new document makes that clearer.
The new policy also makes it clear that WhatsApp and Instagram are part of Facebook and that the companies share information about users. The two were not mentioned in the previous policy.