Login through Facebook on third-party sites led to data leakage

Facebook is investigating a security breach that allowed third-party JavaScript trackers to steal data from users logged into sites using the Facebook button. The exploit made it possible to collect data including name, email address, age range, gender, location, and profile photo. It is unclear exactly what the trackers did with this data, but some of their developers, like Lytics, make money by defining, using and selling target audiences.



According to Steven Englehardt, Mozilla’s private data protection engineer, and his co-authors from the Princeton Information Technology Policy Center, these scripts run on 434 sites out of the top million.

Among the sites and services that collected data in this way, MongoDB cloud servers are noted in the study. A script was installed on the BandsInTown concert website, which allowed any sites using the Amplified advertising platform to identify users by their Facebook accounts.

Representatives of the social network gave TechCrunch an official response:
Scraping user data directly violates Facebook's rules. We are studying this problem, and immediately took action to stop the possibility of linking the unique identifiers of users of specific applications with individual Facebook profile pages, and we are working on installing additional authentication and restricting requests to profiles.


In the case of MongoDB, the company responded that it did not know about the capabilities of third-party technologies to receive data from Facebook users: "We identified the source of the script and turned it off."


BandsInTown also took action after receiving a letter from the researchers.
BandsInTown did not disclose unauthorized data to third parties, and after receiving a letter on the subject of a study on a potential vulnerability in a script running on our ad platform, we quickly took appropriate measures to completely eliminate the problem.


These new problems with the security of users' personal data have arisen at a difficult time for Facebook. Mark Zuckerberg acknowledged that the data of 87 million users had leaked to Cambridge Analytica, whose vice president was Steve Bannon, who led the presidential campaign of Donald Trump. The Facebook CEO spent two days in a row, five hours a day, answering questions in the US Congress.

Facebook is now bringing its rules into compliance with the laws of the European Union and is preparing for external control by the US authorities. In Russia, the company also expects a verification of its compliance with the requirements of current legislation.

Source: https://habr.com/ru/post/411641/

