Thursday, March 28, 2024

Facebook Reveals An Another Data Leak – 100+ 3rd Party Apps Accessed FB Groups Member Data

Facebook revealed a new security incident that affected the FB groups member by nearly 100+ 3rd party apps that accessed the group member’s information.

These apps were misused the Facebook Groups API and retained access to group member information, such as names and profile pictures with group activities.

Groups API is a collection of Graph API endpoints that allow apps to read and create Facebook Group data on behalf of group members. a group admin can grant 3rd party app access to groups publicly available content, such as posts, photos, and videos.

Facebook restricted the app developers to access the group member information such as name and profile picture in April 2018, and the apps only authorized to access the information such as the group’s name, the number of users, and the content of posts.

“If the apps want to access sensitive information, group members had to opt-in. but the Facebook recent ongoing review reveals that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended.” Facebook Said via a blog post.

Facebook believes that at least 11 partners accessed group members’ information in the last 60 days, and there is no evidence found that this information was abused.

The apps that accessed the information are social media management and video streaming category that developed for group admins to manage their group to help the group member to share the videos and more.

“We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we’ve said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products.”

Konstantinos Papamiltiadis, Director, Platform Partnerships said, “We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed”

In September, Facebook suspended “tens of thousands” of apps associated with 400 developers due to the privacy concern, and pose a threat to the Facebook community.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles