- Facebook changed its APIs but some app developers continued to retain sensitive user data more than a year after Cambridge Analytica.
- Around 100 of Facebook’s partners still had access to details like user names and profile pictures within a Facebook group.
- At 11 of these partners was accessed group member information within the last 60 days.
- Facebook says that it has since removed access for all concerned parties.
"We know at least 11 partners accessed group members’ information in the last 60 days," said Facebook in its blog post, adding that there was no evidence that this information was abused.
The question of consent
After news of Cambridge Analytica broke, Facebook made changes to a lot of its developer APIs, including the Groups API — the interface between app developers and Facebook that can integrate with a group.
The changes meant that app developers would only have access to the group’s name, the number of users and content of the posts. In order to attain additional details like names and profile pictures, group members would have to give their consent.
This was in April 2018. More than a year later, at least 100 of Facebook’s partners still had access to group member information. The company claims to have removed their access now.
Even though Facebook did not specify which apps still had access, it did disclose that they were mostly ‘social media management and video streaming apps’.
Fallout from Cambridge Analytica continues
In 2018, whistleblower Christopher Wylie revealed that Cambridge Analytica used data from Facebook to harvest to data of 50 million users without their consent.
According to Wylie, the data revealed personal information about the users. This information was then used to build psychological profiles to target users with political campaigns.
The reforms to Facebook’s data sharing practices were only made after Mark Zuckerberg, Facebook CEO, pledged to change regulations after a public outcry.
"We have a responsibility to protect your data, and if we can't then we don't deserve to serve you," said Zuckerberg in a statement in March 2018.
Despite this, this is not the first time that Facebook’s been caught in a data breach after Cambridge Analytica.
Facebook’s many data breaches
In March this year, Facebook admitted to exposing user passwords on internal data servers. This meant that employees at Facebook could look up any user’s password which is a breach of privacy.
In April, security researchers found that more than 540 million Facebook user records were exposed on Amazon’s cloud servers. According to UpGuard, the social networking platform was hacked by Cultura Colectiva with exposed 145 GB worth of data from Facebook.
A couple of days later, Business Insider revealed that Facebook had ‘unintentionally uploaded’ contacts of 1.5 million people without their consent.
WhatsApp, which is owned by Facebook, was hacked in May by an Israeli security firm, the NSO Group. It allegedly infected 1,400 users with flagship spyware, Pegasus.
Facebook seems to be caught in a never-ending PR nightmare. It has been accused of data trading, data harvesting, and leaking user information.
Government all over the world are mulling over whether regulation is enough to keep applications like Facebook in check when misuse has gotten out of hand.