Facebook privacy breach9/18/2023 It all started because Downing wanted to help women at risk for cancer It also raises troubling questions about the security of users’ personal health information on the social platform – and beyond. If the FTC found that Facebook violated its health rules, the complaint could put Facebook on the hook for billions in potential fines. Facebook told The Verge in July 2018, “While we recently made a change to closed groups, there was not a privacy loophole.” A Facebook spokeswoman acknowledged to CNN that web developers did have access to membership lists for all closed groups before the fix.įacebook says that simply being a member of a closed health group doesn’t constitute a health disclosure, and that it’s investing in ways to give its users clearer information about group privacy settings, particularly with regard to health groups.ĭowning and Trotter have filed a complaint with the Federal Trade Commission, arguing that Facebook had an obligation to protect membership lists for health groups and that it failed to disclose this alleged vulnerability to its users. Trotter and Downing are still concerned about this, even though they say the alleged health data vulnerability was closed in 2018 when Facebook changed its settings. To be clear, Trotter and Downing do not point to a specific smoking gun of a third party stealing and selling health data that users shared on Facebook at mass scale.īut they do allege that users’ identifiable information related to specific medical diagnoses could have been accessible for a period of years by those with Facebook developer accounts.įred Trotter discusses cybersecurity with Downing during a conference in February 2020. In an interview, he said that because the vulnerability would have been present for all Facebook groups labeled “closed,” it would have affected far more people than that scandal, in which the Cambridge Analytica political consulting firm obtained the the personal data of millions of Americans.įurther, Trotter argued that the alleged vulnerability might be worse due to the high value of healthcare data to companies, and the high potential for malicious actors to use sensitive information for illicit purposes. Trotter believes Downing’s discovery had the potential for a leak “probably several orders of magnitude larger than Cambridge Analytica.” They filed a complaint about Facebook with the FTC “The kinds of things that they don’t tell their husbands about in some cases.” “In less than an hour, I had extremely personal information that could be used against these women,” Trotter told CNN. Trotter said that without more information, it’s difficult to prove whether a third party developer exploited the alleged vulnerability. Trotter said he found a loophole in the privacy settings for closed Facebook groups that would allow developers, marketers and others to download the membership lists of Facebook groups for thousands of diseases and conditions, from Alcoholics Anonymous to survivors of sexual assault. Because their group was classified on Facebook as closed, members’ personal information was supposed to only be visible to other members.ĭowning called a cybersecurity researcher named Fred Trotter, who says he confirmed her suspicion. “I kept expecting others to be on top of that and nobody was.”ĭowning thought there could be a similar risk for the women in her BRCA Sisterhood group who shared deeply sensitive information, including pictures of their mastectomies. “There is much more wrong here than is being reported,” she remembers thinking. In 2018, she began to worry that leaks of personal data such as the Cambridge Analytica scandal, which affected up to 87 million Facebook users, could happen in the health sphere. Maybe you’ve been diagnosed with HIV, or you’re trying to kick an opioid addiction.ĭesperate to get some advice or talk to a kindred spirit, you bare your soul in a Facebook support group for people with your health problem.īut what if your membership in a Facebook group you assumed was confidential wasn’t private?Īnd what if marketers could easily learn about your diagnosis and your name, email address, location and other identifying information?Īndrea Downing, a tech project manager and breast cancer advocate, has spent the past two years trying to tell the world about this alarming prospect.ĭowning is an administrator for a private Facebook group helping women who have a gene mutation that puts them at risk for breast and ovarian cancer. Imagine you have a highly sensitive medical condition that you want, or need, to keep secret.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |