Facebook left its doors and windows wide open and looked the other way when members’ personal data was “scraped” (harvested) by an unknown number of people or companies. Facebook wasn’t hacked. They let this happen.
“In total, we believe the Facebook information of up to 87 million people — mostly in the US — may have been improperly shared with Cambridge Analytica,” said Facebook in a blog post.
But that’s only counting what they now think Cambridge Analytica got ahold of and used for political purposes. That’s not counting the data the Obama campaign had used from Facebook or what many others likely Web scraped and used and might still be using.
Mike Schroepfer, Facebook’s chief technology officer, lists many ways Facebook is now tightening up access to data members provide.
“Here are the details of the nine most important changes we are making,” wrote Schroepfer. “Events API: Until today, people could grant an app permission to get information about events they host or attend, including private events.” This allowed third parties to access “information about people and conversations in groups” and more. Now “all third-party apps using the Groups API will need approval from Facebook and an admin to ensure they benefit the group,” says Schroepfer.
Other security holes included the ability of “any app [to] use the Pages API to read posts or comments from any Page.” This window has also been shut.
Schroepfer lists many other security upgrades. It’s important that they’re taking these steps. This will surely give Facebook CEO Mark Zuckerberg some good talking points when he appears before a congressional committee this week.