Cambridge Analytica, the political marketing firm that claims to use psychographic profiling to target individual voters, got hold of the profiles of 87 million Facebook users - not 50 million as it has suggested.
That's according to Facebook's chief technology officer Mike Schroepfer. This has prompted Facebook to take action to limit how much data third-parties can scrape from its social network via legitimate APIs.
"We believe these changes will better protect people's information while still enabling developers to create useful experiences. We know we have more work to do — and we'll keep you updated as we make more changes," said Schroepfer.
But continuing with what would seem like an admission of guilt over the Cambridge Analytica scandal, Facebook founder and big boss Mark Zuckerberg has said his company didn't do enough to prevent the abuse of the harvested data.
"It's clear now that we didn't focus enough on preventing abuse," he said in an interview with the press. "We didn't take a broad enough view of what our responsibility is. That was a huge mistake, and it was my mistake.
"Knowing what I know today, clearly we should have done more," he said.
Zuckerberg is taking full responsibility for the mistake and said that no Facebook employees have been fired over the scandal, although he still believes he's the best guy to run Facebook, despite the hammering the company's stock price has taken as the scandal as unfolded.
"Life is about learning from the mistakes and figuring out what you need to do to move forward," he said.
However, keeping the platform more secure will be a challenge: if the company tightens up its data sharing practices, it will almost certainly be targeted by hackers.
"You never fully solve security. It's an arms race," Zuckerberg said. "I'm confident that we're making progress against these adversaries, but they're very sophisticated."
Zuckerberg's somewhat belated interviews and admissions of responsibility come ahead of a grilling he is expected to receive from US congressmen, although he snubbed a similar request to give evidence before a House of Commons committee.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance