Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
A handful of developers have been suspended for violating Facebook policies.
2 Min Read
Facebook on Friday said that an unspecified data broker had been paying Facebook developers for user identification numbers (UIDs) and that it has suspended a number of Facebook developers -- less than a dozen -- for six months as punishment.
The company said that no private user data had been sold -- Facebook does not consider UIDs to be private even though they can be used to track individual users -- and it said that the UIDs transferred were not used to access private data.
"Facebook has never sold and will never sell user information," said Facebook engineer Mike Vernal in a blog post. "We also have zero tolerance for data brokers because they undermine the value that users have come to expect from Facebook."
Facebook does not have to sell user information since most Facebook users give their information away to Facebook developers when they choose to use Facebook applications.
Facebook did not name the data broker that had paid for UIDs, but Vernal's blog post said that the company had also reached an agreement with RapLeaf, "the data broker who came forward to work with us on this situation." As part of the agreement, RapLeaf will delete UIDs in its possession and refrain from future activities involving Facebook, directly or indirectly.
The acknowledgement comes following a Wall Street Journal investigation last month that found popular Facebook apps revealed UID numbers. UID numbers can be used to determine a Facebook user's name and possibly other information. The principal privacy risk is that UIDs can be used to associate a Facebook identity with actions outside of Facebook.
In response to that investigation, Facebook put forward a plan to enable the optional encryption of UID numbers. The company has published a technical outline and solicited feedback from developers. It maintains that the additional issue of information exposed through HTTP Referer headers must be addressed by a broad range of technology companies.
The company also said that it is tightening its policies about how UIDs can be used, stored, and transmitted.
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
