Facebook found out that over 150 companies specifically allowed access to user's personal information

The New York Times reported that Facebook shaken by users' personal information misuse or spill problems had given special privileges to more than 150 companies including Apple, Microsoft, Amazon, Netflix, etc. I will. This problem was discovered from Facebook's internal documents over several hundred pages published by the British Parliament on December 5, 2018.

As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants - The New York Times

Facebook gave Spotify and Netflix access to users' private messages - The Verge

Facebook's data-sharing deals exposed - BBC News

This is not the first time Facebook is a problem concerning the handling of personal information, but in March 2018, Cambridge Analytica discovered the problem of misusing the user's personal information. Also, in September 2018, the problem of stolen access token of 50 million people by an attacker has been raised as a result of being vulnerable to the system's vulnerability.

Security leaks affecting 50 million users on Facebook are discovered, users' access tokens are stolen - GIGAZINE

According to The New York Times, internal documents indicated that Facebook had a "data sharing partnership" that gives users access to personal information with multiple companies. This agreement is effective as of 2017, and in part there are things that were effective as of the summer 2018. Most of the companies that signed the agreement were technology companies including online retailers and entertainment sites, others had automobile manufacturers and media companies, and said they had contracts of more than 150 companies in total.

For example, Microsoft's search engine "Bing" was allowed to access Facebook user's profile information and friends' names until 2017. However, it seems that it was limited only to users who set the profile information to "public" to the last. This was part of a program called " Instant Personalization ", which had the ability to show visitors who visited Facebook using friends connected by Facebook. Instant personalization was introduced in 2010, but it was abolished in 2014 after receiving great criticism from the beginning. Microsoft seems to have been given access rights even after the abolition of the program, but Microsoft has said that these data have already been deleted.

Also, Apple said that access to contacts and calendars was allowed, even if the user disabled profile information disclosure. In response to The New York Times' interview, Apple says, "We both did not notice that Facebook and Facebook were given special access rights, user data never gets lost from the user's device." It is.

Spotify, Netflix and Royal Bank of Canada have been given the authority to view, edit and delete Facebook user's private messages. This is due to the API that began in 2010 as part of the early stages of building a Facebook messenger system. We comment that Spotify does not recognize that it was given special privileges.

"Netflix tried various methods over the years to spread Netflix to more society, because Netflix members recommend television programs and movies to friends via Facebook messenger, It is a function to make it possible in 2014. But it was not popular enough to abolish its function anymore in 2015. We sent it to Facebook user's private message We did not access it and Facebook users did not ask for private messages to access other sites. "

Amazon, which was permitted access to the user's personal information and contacts, states the comment "We are using it according to our privacy policy".

In 2011, Facebook pledged to the Federal Trade Commission (FTC) that "we do not share user data without explicit consent, and Facebook claims that it is not in violation of this, The data sharing problem of this time is criticized that it is clearly breaking the pledge. Privacy International, an NGO promoting personal information protection, said, "Facebook could not explain to users clearly and concisely how to collect, store, share, and retain personal information.The Facebook scandal in 2018 It is a phenomenal thing and it shows that exploitation of data is totally rampant. "

in Web Service,   Security, Posted by log1i_yk