Saturday, June 22, 2024

Facebook Reveals An Another Data Leak – 100+ 3rd Party Apps Accessed FB Groups Member Data

Facebook revealed a new security incident that affected the FB groups member by nearly 100+ 3rd party apps that accessed the group member’s information.

These apps were misused the Facebook Groups API and retained access to group member information, such as names and profile pictures with group activities.

Groups API is a collection of Graph API endpoints that allow apps to read and create Facebook Group data on behalf of group members. a group admin can grant 3rd party app access to groups publicly available content, such as posts, photos, and videos.

Facebook restricted the app developers to access the group member information such as name and profile picture in April 2018, and the apps only authorized to access the information such as the group’s name, the number of users, and the content of posts.

“If the apps want to access sensitive information, group members had to opt-in. but the Facebook recent ongoing review reveals that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended.” Facebook Said via a blog post.

Facebook believes that at least 11 partners accessed group members’ information in the last 60 days, and there is no evidence found that this information was abused.

The apps that accessed the information are social media management and video streaming category that developed for group admins to manage their group to help the group member to share the videos and more.

“We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we’ve said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products.”

Konstantinos Papamiltiadis, Director, Platform Partnerships said, “We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed”

In September, Facebook suspended “tens of thousands” of apps associated with 400 developers due to the privacy concern, and pose a threat to the Facebook community.


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles