Kogan then gave the harvested data to Cambridge Analytica, which allegedly used it to target Facebook users with political propaganda in the 2016 United States general election.
Cambridge Analytica had certified to Facebook in 2015 that they had deleted the wrongfully acquired information, but news stories two weeks ago revealed that was not the case.
Facebook immediately suspended Cambridge Analytica and their parent company SCL from using any of its services.
Facebook had made several changes in the past two weeks to better protect information and restrict data access on Facebook, and these changes would continue, Sanda said.
"This included reviewing the data usage of all apps on our platform, telling people affected by apps that have misused their data, and turning off access for any app that a user hasn't used within the last three months.
"This includes letting people know if their data might have been accessed via 'thisisyourdigitallife'.
"We're dramatically reducing the information people can share with apps. We're shutting down other ways data was being shared through Groups, Events, Pages and Search."
Facebook is facing a global backlash over the improper data-sharing scandal.
Hearings over the issue are scheduled in the US, with founder Mark Zuckerberg due to appear before Congress, and the European Union is considering what actions to take against the company.
Facebook estimates as many as 87 million people may have been impacted by the Cambridge Analytica data misuse globally.
Of these, 81.6 per cent were in the United States.
This figure includes anyone who installed the app, and anyone who may have been friends with those people and may not have had their settings set to block their friends from sharing to third-party apps during any portion of the time in question.
New Zealand Privacy Commissioner John Edwards said Facebook needed to be "more careful" with how it looked after people's data.
"Organisations that offer these services need to be more careful, and properly assess applications.
"It is a pretty big number [of New Zealanders], but we don't know the extent of data misuse of those people, or what the writer of that quiz did with that information.
"Did he only share it with Cambridge Analytica? We have heard about the political advertising, but what else was done with that information?"
The commission would closely follow investigations happening overseas to seek answers to those questions.
"We are also awaiting the result of the processes currently being undertaken by UK's Information Commissioner's Office, Office of the Privacy Commissioner of Canada, the US Federal Trade Commission and the Australian Privacy and Information Commissioner.
"At this stage we have not taken any decision to launch a separate investigation of our own. We don't think New Zealand can necessarily add anything to that mix."
Edwards also wanted to know if Facebook would notify all New Zealanders impacted, and what advice they would give them to protect themselves and their information.
"We do advise New Zealanders who are concerned about the security of their personal information on Facebook to take their own steps to protect themselves.
"Facebook is offering improved mechanisms for deleting data from users' accounts but full deletion of an account remains an option for anyone concerned about Facebook's ability to keep their data safe."
Meanwhile Australian authorities say they are investigating whether Facebook breached the country's privacy law when personal information of more than 300,000 Australian users was obtained by Cambridge Analytica, a Trump-linked political consulting firm, without their authorisation.
Privacy Commissioner Angelene Falk said on Thursday that the Privacy Act requires all organisations to ensure personal information is held securely. Customers must also be adequately notified about the collection and handling of personal information.
Each breach of the Privacy Act can involve a fine of A$420,000 ($444,000).
This follows a different NZPC announcement that Facebook had also breached the Privacy Act in New Zealand.
The local breach does not, however, involve the Cambridge Analytica scandal. Instead, the commissioner's finding came after Facebook refused a complainant access to personal information held on the accounts of several other Facebook users.
The commissioner does not have the power to impose fines on businesses that breach the laws.
Today's revelation about New Zealand users follows the Herald's earlier report that The Warehouse had links to the controversial data firm.
"Cambridge Analytica's parent company has conducted some standard market segmentation and research," a Warehouse spokesperson confirmed after sources revealed the link between the two organisations.
The Warehouse did, however, say local customer data was not at risk of misuse similar to that which occurred internationally.
"None of our customer data has been shared with them [Cambridge Analytica]. We comply with NZ privacy laws and in accordance with our privacy policy," the spokesperson said.