Risk
10/18/2010
12:15 PM
50%
50%

Facebook Restores Lolapps After Privacy Breach Closed

Social network games were shuttered over the weekend after the developer was charged with unauthorized sharing of user information.

Slideshow: Top 10 Tech Newsmakers Of 2010
Slideshow: Top 10 Tech Newsmakers Of 2010
(click image for larger view and for full slideshow)
After going dark on Friday morning, Facebook restored power to Lolapps, developer of popular games played by about 150 million people around the world.

The games developer had transmitted user data, something prohibited by Facebook's contract. In addition, developers cannot disclose user information to ad networks and data brokers, said Mike Vernal, a member of the engineering team, at Facebook, in a company blog on Sunday.

"We take strong measures to enforce this policy, including suspending and disabling applications that violate it," he said.

Lolapps discovered Facebook was serious about this policy when the company -- alerted, perhaps, by a Wall Street Journal investigation into alleged sharing of Facebook user IDs to independent ad networks and Internet tracking services such as RapLeaf -- shut down the company's popular games including Critter Island, Diva Life, Band of Heroes, Yakuza Lords, and Facebook versions of Dante's Inferno and Champions Online.

"It has been a big weekend in the news for privacy and Facebook applications. As [Sunday's] Facebook developer blog post states, 'In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work.' This statement applies to Lolapps," wrote Arjun Sethi, CEO of Lolapps, in a blog Monday.

"When we were informed of the issue the relationship that put us into this category was immediately dissolved. Since Lolapps was founded in 2008, we have always been committed to Facebook's platform policies and will continue to be as we grow," he said. "The entire team here wants our 150 million users to know that we are sorry they had to go without their favorite Lolapps games and applications."

Earlier this year, Facebook came under attack from several advocacy and privacy groups after the social networking giant changed its policies, making it more complex for users to protect their data. Before launching Facebook Places in August, the company reached out to organizations such as the Center for Democracy and Technology to make sure it addressed privacy issues.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.