Data breach woes for Facebook don’t seem to be ending. Facebook yet again admitted a data breach involving roughly 100 third-party app developers who had improper data access. In a blog post, Facebook’s Konstantinos Papamiltiadis, Director of Platform Partnerships revealed that app developers had access to user data such as group member names and profile pictures through the Group API.
Prior to April 2018, app developers had unrestricted access to group members’ information. But with changes made in Group API posts in April 2018, this has changed. The app developers now only have limited access to group information such as group name, the number of users, and the content in group posts. For additional information, group members are asked specific permissions that can be accepted or denied as per preference.
According to Facebook’s new framework designed on the guidelines of their agreement with the Federal Trade Commission (FTC), Facebook is required to conduct timely and scheduled audits of all its products and services for factors such as data breach, privacy adherence, etc.
Papamiltiadis said, “As part of our ongoing review, we recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended. We have since removed their access. Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number (of developers) that did (access) is smaller and decreased over time. We know at least 11 partners accessed group members’ information in the last 60 days. Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have been retained, and we will conduct audits to confirm that it has been deleted.”
Just a week back, Facebook had agreed to pay £500,000 (around US$ 645,000) penalty imposed by ICO, the U.K.’s data protection watchdog, for a data breach carried out by a political data firm Cambridge Analytica. It gathered user data and used it to potentially change the outcome of 2016 US Presidential Elections and Brexit.
Owing to this, Facebook announced that it is tightening its security for the 2020 U.S. elections. The social media giant stated that it’s taking down accounts involved in illicit activities and stepping up searching state-controlled media trying to manipulate American voters.