Facebook Bans Developers for Selling User Info

Facebook says it has discovered that some application ("app") developers have been deliberately selling user information for the intention of third-party marketing, and has responded by banning a list of developers from the site for six months.

A similar breach was reported in a Facebook investigation last month. In that case, a technical error in the way developers used the information provided by Facebook meant they were revealing the user IDs of members who used the relevant applications, such as games. It's important to note this is simply Facebook's own reference number for the user, and not the email address that they use to log-in to the site.

However, while that ID didn't reveal any secret information, it made it considerably easier for advertisers to gather any data users had made public on their pages.

Finding Facebook User Information Easy

From a technical standpoint, any company could gather user IDs and information from publicly available Facebook profiles, simply by scanning the site. Getting user IDs from app developers simply quickens that process, making it more practical.  (Source: computerworld.com)

Facebook Data Broker Collected, Sold User IDs

As part of its investigation into the situation, Facebook says it's now discovered that a data broker (a company that sells information to advertisers) was paying some app developers to provide user IDs.

Facebook says that fewer than a dozen developers were implicated and that none of them were behind the applications detailed in the original investigation into accidental breaches. However, it's not naming the applications or developers involved. (Source: facebook.com)

As a result, Facebook has now barred the developers from having any access to the site for six months, during which the apps will be unavailable. At the end of this time, it will audit the developers' data handling processes before restoring access.

Data Broker Cut Loose

The site has also "reached an agreement" with Rapleaf, the data broker mentioned above. Rapleaf has agreed to have no further involvement with Facebook and its developers, and will delete all the Facebook-related data it acquired.

Although Facebook hasn't given further details on this agreement, it appears likely that Rapleaf agreed to these demands in return for Facebook not pursuing legal action. And for the record, it's not been proven that Rapleaf committed any offence.