Home / News / Facebook reports another data leak

Facebook reports another data leak

Facebook developers have discovered a software bug related to access rights to information of group members. Perhaps there was another data leak.

Due to an API error, some application administrators may have bypassed previously imposed restrictions and received sensitive information from users.

The social network limited access to this data in April 2018. The ban was linked to a scandal surrounding Cambridge Analytica, which used legitimate Facebook tools to collect user data. As a result of the proceedings, the US Federal Trade Commission imposed a fine of several billion dollars on the social network and ordered the social network management to review its policy on working with personal information.

Read also: Shadow Brokers archive allowed tracing mysterious DarkUniverse group

After these events, Facebook developers changed the mechanics of several APIs at once, with the help of which third-party participants could receive information about users. The list of modified packages included the API Groups, which provided data exchange between external services and social network groups.

Programmers allowed such applications to read the content of posts, see the name of the group and the number of its users. Additional data became available only if participants allowed it separately.

However, as the developers found out, some services managed to get this information without the knowledge of users. According to Facebook, about 100 applications received illegal access, of which at least 11 were viewing data in the last 60 days.

“For the most part, these are services for streaming and page management, with the help of which administrators can effectively manage communities and group members share video. Despite the convenience of such features for users and Facebook communities, we decided to disable access”, – said Konstantinos Papamiltiadis, Director of Platform Partnerships of Facebook.

Representatives of the social network separately noted that they did not find signs of abuse of illegally obtained data. This detail distinguishes the current leak from another incident when, in violation of the rules, Facebook caught one of the contractors of Instagram, linked Facebook service. In August, journalists found out that employees of the HYP3R analytical agency were tracking users’ geolocation, although this feature was also blocked after the 2018 scandal.

As practice shows, the most dangerous user data on Facebook is unprotected storage that is regularly found on the Internet. Only in 2019, researchers found several such databases at once – in April, May and September. In each case, the circle of victims amounted to tens and hundreds of millions of users. In addition, Facebook representatives were caught storing passwords for many years in an unprotected form.
[Total: 0    Average: 0/5]
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Magento developers fixed RCE vulnerability

Magento developers fixed 10-point RCE vulnerability

CMS Magento developers prepared a patch that fixes a 10-point RCE vulnerability in the e-commerce …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.