In another one of those privacy hiccups Facebook is making a habit of lately, the company has admitted accidentally copying some weekly app developer emails to the wrong recipients.
News of the leak emerged when a developer tipped off a news site that one of these emails had ended up being read by someone outside the company.
When queried about the issue, Facebook issued a statement admitting that Facebook Analytics data meant for admins, developers, and analysts had also been sent to app testers:
Due to an error in our email delivery system, weekly business performance summaries we send to developers about their account were also sent to a small group of those developer’s app testers. No personal information about people on Facebook was shared. We’re sorry for the error and have updated our system to prevent it from happening again.
A Facebook app might be a game, integration of another service to work inside Facebook, or specialised software to allow third parties to interact with users or access its big data for a variety of purposes.
The data shared would have included new users, weekly active users, and page views, but not historical data from the app’s dashboard.
A total of 3% of accounts were affected, Facebook said, without putting a number on how many accounts this was. The company said it would send an apology email to all accounts affected by the inadvertent leak.
Testers have to be specified by developer admins in the Facebook system but wouldn’t normally have access to this kind of sensitive data.
Sending emails to the wrong people within this community is a small problem on its own but it comes after a series of problems on different but interconnected fronts.
These have mainly revolved around the way third-party developers have access to user data – the Cambridge Analytica scandal is the best known example of this.
Then, a few weeks ago, Facebook admitted a bug had caused it to suggest 14 million users publicly share posts made between 18-22 May even though they might previously have specified they be kept private.
Exactly what is behind this succession of privacy mishaps is not entirely clear, but from the outside, it can sometimes seem that the company is losing control of its platform’s huge complexity.
Source : Naked Security