Facebook Accused Of Exposing User Data Via Groups


The Federal Trade Commission (FTC) has received a complaint against Facebook that alleges the social media giant wrongfully disclosed information on members of closed groups.

The complaint, which was filed with the FTC last month, alleges that “Facebook deceptively solicited patients to use its ‘Groups’ product to share personal health information about their health issues. Facebook has marketed this product as a Personal Health Record. Facebook then leaked to the public health data that those patients uploaded. At least in some cases, this was done contrary to the specific privacy decisions made by Facebook users.”

The issue came to light last summer when members of a group for women with the BRCA gene discovered that their personal information, including names and email addresses, could easily be downloaded in bulk, either manually or through a Chrome extension.

And while Facebook did make changes to Groups that ended the practice, the complaint explains that this did not fix the entire problem.

“While it is no longer possible for non-Group-members to download the member lists from thousands of Closed Groups and millions of users in a single attack, it is still possible to download the member list if you are a member of the Group,” according to the complaint, which was filed by a security researcher and BRCA advocates, among others. “We have seen some evidence in an uptick in ‘fake membership applications’ to a small sample of Closed clinical Groups. We believe that this could be the response of malicious actors who are now using Suck Puppet accounts that previously had generous access to Closed Group membership data, that are now seeking to restore their access.”

In addition, the complaint goes on to say that Facebook hasn’t been clear about what personal information users might be giving up when they join a group.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.