The social network provided access to confidential information to multiple services
Facebook has been involved in multiple scandals related to the privacy of its users over the past few months. In the most recent case, cybersecurity specialists from the International Institute of Cyber Security report that Facebook would have allowed services like Netflix, Spotify, and even the Royal Bank of Canada to access and manipulate users’ private messages.
According to reports, Spotify would have enjoyed access to private messages of over 70 million users each month; as if it was not enough, Facebook would also have provided technology companies such as Amazon and Microsoft access to users’ personal data without their consent. This was revealed thanks to the leaking of thousands of Facebook documents detailing the way in which the social network associates the data of users with companies, advertisements, etc.
Regarding Microsoft, Facebook would have allowed the Bing browser to access the names of all contacts of a user without consent. In the case of Amazon, Facebook would have allowed the company to extract names and contact information through the friends list in the Facebook profile. The social network would have even allowed the Russian multinational Yandex access to the user IDs until the year 2017.
In previous opportunities Facebook has admitted similar situations, emphasizing that there is no evidence that companies abuse the personal information of its users. Konstantinos Papamiltiadis, director of developer programs for Facebook, mentioned: “Our partners have accessed the message function, but users must login first. For example, if a user logs into the Spotify desktop app, the user can send and receive messages without having to leave the app. Our API provided members with access to the person’s messages to enhance this type of function”.
In response to this research, services like Netflix and Spotify denied that Facebook had provided ample access to a single profile. “Netflix has never requested or accessed anyone’s private messages,” said the cybersecurity team of the streaming service.
On the other hand, an Amazon spokesman said that “Amazon uses the APIs provided by Facebook to enable some experiences related to our products, such as synchronizing Facebook contacts on one of our tablets. We use this information only when it corresponds to our privacy policy”.
Despite these attempts to mitigate damage, experts in cybersecurity consider this could mean a severe blow for Facebook, because throughout the year the social network has attracted attention by multiple incidents against the privacy of its users, beginning with the scandal of the consultant Cambridge Analytica, which had access to the personal data of over 50 million users of the social network.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.