"We have a responsibility to protect your data, and if we can't then we don't deserve to serve you," Zuckerberg wrote in a lengthy post on the social media platform Wednesday, included at the bottom of this article.
Shortly after Zuckerberg posted to Facebook, chief operating officer Sheryl Sandberg shared his response and added her own comments.
Zuckerberg's company has come under fire this week after news broke that data analysis firm Cambridge Analytica harvested personal information from as many as 50 million Facebook users to influence elections in the U.S. and U.K.
Zuckerberg is scheduled to appear on CNN at 9:00 p.m. ET Wednesday.
Here are the top takeaways from Zuckerberg's statement and Sandberg's response Wednesday.
What Happened, and When?
Zuckerberg started the post by writing, "I want to share an update on the Cambridge Analytica situation -- including the steps we've already taken and our next steps to address this important issue."
He used the bulk of what he wrote to outline exactly what happened and when, starting as far back as 2007 with Facebook's inception. This is important for investors, as the timeline had become somewhat murky.
Zuckerberg noted that the issue at hand first cropped up in 2013, when "a Cambridge University researcher named Aleksander Kogan created a personality quiz app," Zuckerberg wrote. "It was installed by around 300,000 people who shared their data as well as some of their friends' data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends' data."
Most reports have deduced that this figure - Zuckerberg's "tens of millions" - could be as many as 50 million. That would be about 2% of Facebook's 2.2 billion users.
So What Did Facebook Do?
"In 2014, to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access. Most importantly, apps like Kogan's could no longer ask for data about a person's friends unless their friends had also authorized the app," Zuckerberg wrote.
"In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against our policies for developers to share data without people's consent, so we immediately banned Kogan's app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications."
But then last week, the CEO said, Facebook learned that Kogan did not in fact delete the data as intended. Facebook then banned Cambridge Analytica from using its services. Zuckerberg said Cambridge Analytica has agreed to a forensic audit to prove it deleted the data as Facebook requested.
Time to Reflect
"I've been working to understand exactly what happened and how to make sure this doesn't happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago," Zuckerberg said. "But we also made mistakes, there's more to do, and we need to step up and do it."
He then outlined three steps that Facebook, an Action Alerts Plus holding, plans to take to "prevent bad actors from accessing peoples' information."
First, Facebook will investigate the apps that had access to mass amounts of data before the aforementioned change in 2014 and audit any apps with "suspicious activity."
Second, the company said it plans to limit developers' data access even more in order to avoid outcomes such as this one. That could mean Facebook will remove developers' access to a user's data if the user hasn't accessed the app in three months.
Third, Facebook will work to make sure users know which apps are accessing their data by adding a new tool at the top of the News Feed that makes it easier to revoke that access if already granted.
"I started Facebook, and at the end of the day I'm responsible for what happens on our platform. I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past," Zuckerberg wrote. "We will learn from this experience to secure our platform further and make our community safer for everyone going forward."
Sandberg mainly reiterated what Zuckerberg disclosed, saying, "As he said, we know that this was a major violation of peoples' trust, and I deeply regret that we didn't do enough to deal with it. We have a responsibility to protect your data - and if we can't, then we don't deserve to serve you."
She also gave a shorter version of Zuckerberg's plans to keep something like this from happening again: "We've spent the past few days working to get a fuller picture so we can stop this from happening again. Here are the steps we're taking. We're investigating all apps that had access to large amounts of information before we changed our platform in 2014 to dramatically reduce data access. And if we find that developers misused personally identifiable information, we'll ban them from our platform and we'll tell the people who were affected."
"Your trust is at the core of our service," Sandberg wrote. "We know that and we will work to earn it."
Read Zuckerberg's entire statement here:
And read Sandberg's statement here: