in ,

Facebook Groups API flaw exposed data to 100 developers, company says, Ars Technica

Facebook Groups API flaw exposed data to 100 developers, company says, Ars Technica


      oops –

             

“Developers had access to data they shouldn’t” is becoming a familiar refrain.

      

          –

  

        

A wall of user photos form a Facebook logo at the company's data center in Lulea, Sweden.

Enlarge/A wall of user photos form a Facebook logo at the company’s data center in Lulea, Sweden.

JONATHAN NACKSTRAND / AFP / Getty Images

More than a year after theCambridge Analyticascandal came to light, Facebook is once again admitting that some developers have accessed user data that they should not have.

Facebook said in adeveloper postyesterday that it would be changing developers’ access to a number of APIs, including Groups, after “roughly 100 partners “were found to have extra access. “We recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” the company said.

At least 11 developers accessed group members’ information in the last two months, Facebook added . “Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted.”

The company did not name any of the apps, but it said they were mostly social media management or video streaming apps “designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups. “

Here we go again

Facebook madesignificant changesto its various APIs in 2018 after it burped up data on87 million peopleto Cambridge Analytica. Cambridge not only accessed a broad swath of data from users who never even interacted with its app but also retained all of the information for years after promising it would be deleted.

Facebook ultimately paid$ 5 billionin a settlement with the Federal Trade Commission relating to the scandal and agreed to makesignificant changesto how “partners” access data on the platform.

The 2018 changes still allowed group admins to enable an app for a group, Facebook said, but limited the data those apps could collect to information such as the group’s name, the number of members it has, and “the content of posts.” Users would theoretically have to opt in to having other information, such as their names and profile pictures, pulled in. Given yesterday’s update, however, it seems that didn’t fully take.

InSeptember, Facebook also suspended “tens of thousands” of apps from about 400 developers after they were found to be obtaining data inappropriately, failing to anonymize data, installing malware, or otherwise breaking the company’s terms of service.

                                 

                  


Read More
Payeer

What do you think?

Leave a Reply

Your email address will not be published.

GIPHY App Key not set. Please check settings

Postgres.ai / postgres-checkup β, Hacker News

AT & T’s stinginess on refunds makes even Comcast customer service look good, Ars Technica

AT & T’s stinginess on refunds makes even Comcast customer service look good, Ars Technica