Facebook has quietly revealed another privacy breach involving approximately 100 developers. On Tuesday, Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships, said in a blog post that the names and profile pictures of users connected to Groups and the system’s API were accessible.
Before April 2018, group administrators could authorize an app for a group they managed, giving the application developer access to this information. In April last year, Facebook restricted information access to just the group’s name, the number of users, and post content, unless users opted in to share their name and profile picture. Despite that restriction, Facebook says that some apps retained access to this additional data until recently, ZDNet reported today.
Experts Comments
Now Facebook has made a change to their privacy policy and is ensuring that applications adhere to that policy.
In my view, Facebook was reviewing their policies and how they were implemented, then came across an unintended flaw in their APIs that allowed certain developers access to information that they now restrict. From Facebook’s explanation on their blog, most of these apps were designed to help manage people within a group. The most important thing to remember here is that the original group administrator had to add and approve these applications; they also had access to the restricted data. Now ...
Additionally, when settings change or new entities gain access to data, users should be alerted to the change.
As Facebook have demonstrated over the years, maintaining a matrix of permissions for any account is challenging. This comes not only from how privacy expectations are communicated and set, but through how they might be verified. Looking specifically at Groups, while a Group administrator might authorize an application to access certain aspects of their Group, individual users might have a different preference. As feature changes occur, it’s not uncommon for legacy settings to be ...
@Joseph Carson, Thycotic, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"FACEBOOK must prioritize privileged access management best practices and apply the principle of least privileged...."