Facebook boss Mark Zuckerberg has insisted he is still the right person to lead the company after it revealed 87m users could have been affected by the Cambridge Analytica scandal.

The total figure includes just over a million users from the UK, although the majority of those potentially affected are based in the United States.

In a rare conference call with journalists yesterday evening, Zuckerberg, the tech giant’s founder and chief executive, admitted that it “didn’t do enough” to protect users.

The company was now committed to taking more responsibility for keeping people’s data safe, he said.

“We didn’t take a broad enough view of what our responsibility is. That was a huge mistake. It was my mistake,” Zuckerberg said at the start of the call.

Asked by a journalist if he still thought he was the best person to lead Facebook, he replied: “Yes.”

He added: “I think life is about learning from your mistakes and working out what you need to do to move forward.

“When you’re building something like Facebook that is unprecedented in the world there are going to be things you mess up.”

Asked by another reporter if the board had discussed whether he should step down as chairman in the wake of the company’s recent drop in stock price, he said: “Not that I’m aware of.”

Zuckerberg said that the 87m figure, buried near the bottom of a Facebook blog post earlier in the day, was “the maximum number” thought possible – but he also admitted that “we don’t actually know” the true total of people who were affected.

Previous estimates, reported by the Observer newspaper, had suggested 50m users were at risk, but as Zuckerberg spoke, CA claimed on Twitter that the data of “no more than 30m” individuals was accessed.

The company also tweeted: “When Facebook contacted us to let us know the data had been improperly obtained, we immediately deleted the raw data from our file server, and began the process of searching for and removing any of its derivatives in our system.”

Asked about those tweets and whether he would consider taking legal action against any companies which illicitly accessed user data, Zuckerberg said Facebook would allow the UK’s Information Commissioner to investigate first but would “take legal action if we need to do that to protect people’s information”.

In yesterday’s blog post, which outlined a number of proposed changes to Facebook’s terms of service in the wake of the privacy row, the company explained that it had disabled a feature which previously allowed people to search for users by their mobile number or e-mail address, if they chose to allow it in their settings.

Facebook chief technology officer Mike Shroepfer, who wrote the update, said this was because “malicious actors” had “abused these features to scrape public profile information by submitting phone numbers or e-mail addresses they already have through search and account recovery”.

Asked about this during the call, Zuckerberg said: “I would assume if you had that setting turned on that someone at some point has access to your public information in some way.”