While releasing the new figures on affected users, Facebook's Chief Technology Officer Mike Schroepfer said, "In total, we believe the Facebook information of up to 87 million people -- mostly in the US -- may have been improperly shared with Cambridge Analytica."
Cambridge Analytica has been accused of providing caste analysis for various parties during Indian political campaigns. The explosive details were tweeted by Christopher Wylie, the whistleblower who exposed the role of Cambridge Analytica in data breach affecting millions of Facebook users last month.
The document suggested that the firm's parent company, Strategic Communications Limited (SCL), conducted behavioral research and polling for at least six state elections in India between 2003 and 2012, the 2009 national election and many political parties, including the BJP, Congress and the JDU have been accused of being the clients of Cambridge Analytica.
Union Minister of IT and Law Ravi Shankar Prasad, however, said that any attempt by social platforms like Facebook to influence the electoral process will not be tolerated and that if need be, Mark Zuckerberg, Facebook founder and CEO, could be summoned by India.
"Mr Mark Zuckerberg, You better note the observation of IT Minister of India. We welcome the Facebook profile from India are the highest in the world. But if any data theft of Indians is done with the collusion of Facebook system, this shall not be tolerated. We have got stringent power under IT act. We shall use it including summoning you in India," the minister said.
The world's biggest social network has now tweaked its usage policy for third party apps, including log in process, to ensure limited access to user information.
The Indian government had asked both Cambridge Analytica and Facebook to reply by April 7 whether personal data of Indians was compromised and used to affect the outcome of elections. No summons have been made so far.
India doesn't have data protection law but officials have suggested that the IT Act had wide provisions that could be invoked if an inquiry reveals that a data breach did take place.