Facebook Makes Changes To Groups API Following Privacy Breach

Continuing the new normal of fixing things after major security breaches, Facebook has once again made it into the news. This time, Facebook has revealed a serious privacy breach, following which the company announced changes in the Groups API.

Latest Facebook Privacy Breach

Recently, Facebook disclosed another privacy breach. According to the blog post by Konstantinos Papamiltiadis, Director of Developer Platforms and Programs at Facebook, the firm has noticed some developers retaining personal information of users ‘longer than intended’.

Specifically, the incident happened due to the behavior of the Groups API that allowed group admins to share data with developers. While this was not the case before 2018, it did give explicit access to the developers after 2018. According to Facebook,

“As part of the changes to the Groups API after April 2018, if an admin authorized this access, that app would only get information, such as the group’s name, the number of users, and the content of posts. For an app to access additional information such as name and profile picture in connection with group activity, group members had to opt-in.”

Consequently, Facebook suspects that around 100 such developers have retained the data. Out of those 100, it confirmed that at least 11 developers accessed data they should not have.

“We know at least 11 partners accessed group members’ information in the last 60 days.”

As elaborated, these mainly include video streaming and social media management apps.

What Is Facebook Doing

According to the blog post, Facebook has removed access for the developers it found storing users’ data. It has also pledged to make sure that these developers delete all the data they have collected.

“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted.”

In addition, Facebook has restated its stance to comply with its agreement with the FTC to ensure ‘more accountability and transparency’.

Certainly, that is evident from the various steps Facebook has taken or is taking towards user privacy. For instance, it recently announced the suspension of a huge number of apps for data hoarding, and an expansion of its bug bounty program to include third-party apps and websites.

However, these steps do not seem enough to acquit Facebook of its plethora of blunders. These also include the Cambridge Analytica scandal, for which Facebook is yet to pay the fine to the UK ICO.

Though Facebook has pledged to work towards ensuring users’ privacy, we are yet to witness the firm taking noteworthy steps.
