Facebook app developers sold user info

Social-networking giant announces it has discovered that a data broker was buying identifying user information from app developers.

Steven Musil Night Editor / News

Facebook has revealed that a data broker has been buying identifying Facebook user information from app developers, and as a result the social-networking powerhouse has placed some developers on a six-month suspension.

The announcement, which Facebook made Friday afternoon on its developer blog, comes on the heels of the revelation that many popular Facebook apps were transmitting user IDs--which can be used to look up a user's name and, in some cases, the names of the app user's friends--to at least 25 advertising and data firms.

According to Facebook's developer blog:

As we examined the circumstances of inadvertent UID transfers, we discovered some instances where a data broker was paying developers for UIDs. While we determined that no private user data was sold and confirmed that transfer of these UIDs did not give access to any private data, this violation of our policy is something we take seriously. As such, we are taking action against these developers by instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies. This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform.

Facebook did not identify the data broker that was purchasing user information but did say it had reached an agreement with Rapleaf, a San Francisco-based data aggregation company that was previously identified as receiving some user information. Facebook said that Rapleaf has agreed to delete all user ID information in its possession and agreed not to conduct any further activities on the social network. The blog post did not indicate whether Rapleaf was the broker involved in the sale of user information, and Rapleaf representatives did not immediately reply to a request for comment.

In announcing the suspensions, Facebook said it "never sold and will never sell user information" and has a "zero tolerance for data brokers because they undermine the value that users have come to expect from Facebook."

The social-networking giant has blamed the issue on "referrer URLs," which tell a site which Web site directed an Internet user to it, and has proposed a technical solution to prevent future transfers. Facebook also announced it had modified its policy to require developers to use anonymous identifiers when working with ad networks.