Facebook revealed the number of people affected by a data-mining scandal was close to 40 million higher than originally estimated, and reportedly said almost all of its users were at risk due to security weaknesses.

The social network said information from up to 87 million people was improperly shared with Cambridge Analytica, compared with news outlets’ original estimate of around 50 million. The company noted users in the US made up more than 81 per cent (70.6 million) of compromised accounts. A little over 1 million people each were also impacted in the Philippines, Indonesia and the United Kingdom.

In an update, Bloomberg reported the social media giant subsequently admitted the data of almost all of its 2 billion users could have been affected by lax security, albeit not all necessarily related to the Cambridge Analytica case.

Facebook implemented a number of changes to its privacy settings after news of the breach first broke and made further changes this week including implementing restrictions on what information developers can glean from users in its Events, Groups and Pages sections.

The company also removed users’ ability to search for profiles using phone numbers and email addresses, claiming “malicious actors” have used the feature to scrape public profile information

Facebook said it will begin notifying users whose information may have been improperly shared by Cambridge Analytica on 9 April. A day later, CEO Mark Zuckerberg is scheduled to testify before a joint hearing of the US House Energy and Commerce Committee, and the Senate Judiciary and Commerce Committee about the company’s data practices, Bloomberg reported.

During a call with media, Zuckerberg expressed regret for not addressing privacy concerns sooner: “We didn’t take a broad enough view of what our responsibility is, and that was a huge mistake.” He added fully addressing the issue will be a “multi-year” effort.