IT COULD be Facebook's biggest challenge yet: the personal information of 50 million users harvested, sold, and allegedly used to manipulate an election.

Often without consent, users' likes, friendships, status updates, and even their personal messages were used to "change" their behaviour and predict their race, gender, or future purchases.

But how do you know if your Facebook data has been scraped and exploited? And, if so, how can you make sure it doesn't happen again?

MORE: How Facebook's toxic data scandal began

RELATED: How to #DeleteFacebook

READ: Facebook's big fail costing billions

Facebook faces its biggest challenge yet. Picture: AFP
Facebook faces its biggest challenge yet. Picture: AFP

We've rounded up what you need to know about how Cambridge Analytica accessed so much personal information without Facebook users' consent, and how you can stop your personal information being used in future.


In 2015, a Cambridge University psychology professor named Dr Aleksandr Kogan created a personality-testing app for Facebook called "thisisyourdigitallife".

The quiz asked users' questions with their consent, but it also mined the details of their friends without their knowledge.

Surprisingly, this behaviour did not break Facebook's rules, but the social network says terms and conditions were violated when the academic sold this information to a political analysis firm.

Cambridge Analytica says it deleted the Facebook information when it discovered the violation, but whistleblower Christopher Wylie disputes that account.


Cambridge Analytica chief executive Alexander Nix says the company amassed "nearly 5000 different data points about (individuals) to craft and target a message".

In the case of people using the original Facebook quiz app, information taken included their responses to personality questions and their Facebook profile data, but the more valuable information came from their network of friends.

Facebook shares dropped following reports of a large data breach. Picture: AFP
Facebook shares dropped following reports of a large data breach. Picture: AFP

Mr Wylie told The Guardian information harvested from users' friends included "things like status updates, likes, and in some cases private messages".

Using this information, Cambridge Analytica developed a way to accurately identify users' race, gender, likes, dislikes, and how they could be politically influenced, he said.


Your information may have been used but it's hard to tell for certain.

While the original app was designed to quiz only Americans, it spread without consent to their friendship groups.

As Mr Wylie explained, "we would only need to touch a couple of hundred thousand people to expand into their enter social network".

If you are Facebook friends with an American, or someone who lives in the US, your data may have been caught up in the scandal.

It’s hard to know for sure exactly what data has been harvested. Picture: AP
It’s hard to know for sure exactly what data has been harvested. Picture: AP

The app was deleted once Facebook identified the breach to its rules, so you can no longer tell who installed it.

Australian Information and Privacy Commissioner Timothy Pilgrim said his Office was "making inquiries" with Facebook about whether its Australian users had been affected, and would determine whether to pursue fines or regulatory action.


Facebook collects a lot of data on its users, from ads they click on and the companies they use, to their location, age, employment status, and political views.

That information is used to sell advertisements on Facebook, and can also be used by third parties if you give them permission.

These apps range from seemingly harmless quizzes on which Sex and The City character you mostly resemble, to services like TripAdvisor and Spotify.

Facebook CEO Mark Zuckerberg. Picture: AFP
Facebook CEO Mark Zuckerberg. Picture: AFP

To limit the data you share with companies, you should check the apps you've installed on your Facebook profile. You can find them listed under the Settings menu, in Apps.

Facebook says, when installed, apps can access "your public profile, which includes your name, profile pictures, username, user ID (account number), networks and any info you choose to make publicly available."

Users can choose whether to remove certain permissions from third-party apps - preventing Shazam from reading your friends list, for example - or whether to remove those apps from entirely. After they're removed, they can no longer access your information.


Many people are deleting or deactivating their Facebook accounts in a protest against the massive privacy violation, with #DeleteFacebook trending on Twitter this week.

Before you delete your account, or even if you don't, it's wise to download the information you've shared with the social network.

#DeleteFacebook was trending on Twitter following news of the data leak. Picture: AP
#DeleteFacebook was trending on Twitter following news of the data leak. Picture: AP

You can request a copy of your Facebook archive from the Settings menu in an internet browser, though not in Facebook's apps, and it will be emailed to you.

If you delete your account, Facebook will give you a couple of days to reconsider your decision, after which it will begin the process of removing your data from its servers, which could take up to 90 days.

Alternatively, you can deactivate your Facebook account, which will mean no one can see your profile but the information will remain with Facebook.