Facebook suspends thousands of apps but user impact unclear

Facebook settled with the Federal Trade Commission for a record $5 billion this summer over privacy violations that stemmed from the Cambridge Analytica scandal. (AFP)
Updated 22 September 2019

Facebook said Friday that it has suspended “tens of thousands” of apps made by about 400 developers as part of an investigation following the Cambridge Analytica scandal.
The announcement came the same day that unsealed legal documents in Massachusetts disclosed that Facebook had suspended 69,000 apps. In the vast majority of cases, however, the suspensions came not after any kind of serious investigation but because app developers had failed to respond to emailed information requests.
Starting in March 2018, Facebook began looking into the apps that have access to its users’ data. The probe came after revelations that data mining firm Cambridge Analytica used ill-gotten data from millions of Facebook users through an app, then used the data to try to influence US elections.
It led to a massive backlash against Facebook that included CEO Mark Zuckerberg being called to testify before Congress. The company is still trying to repair its reputation.
Facebook said Friday its app investigation is ongoing and it has looked at millions of apps so far.
The company said it has banned a few apps completely and has filed lawsuits against some, including in May against a South Korean data analytics company called Rankwave. In April, it sued LionMobi, based in Hong Kong, and JediMobi, based in Singapore, which the company says made apps that infected users’ phones with malware.
Facebook settled with the Federal Trade Commission for a record $5 billion this summer over privacy violations that stemmed from the Cambridge Analytica scandal. The company said the FTC agreement “will bring its own set of requirements for bringing oversight to app developers. It requires developers to annually certify compliance with our policies” and that developers who don’t do this will be “held accountable.”
Also, on Friday, a judge unsealed a subpoena by the Massachusetts attorney general demanding that the social network disclose the names of apps and developers that obtained data from its users without their consent. It also asked for all Facebook internal communications about those apps.
The state began investigating Facebook when the Cambridge Analytica scandal broke. But the company refused to identify any of the apps or developers, and the subpoena would have remained confidential under Massachusetts law had Facebook not insisted on keeping it and related exhibits secret.
Massachusetts Attorney General Maura Healey’s consumer protection division had sought data on apps from prior to 2014, when Facebook announced changes to the platform to restrict access to user data.
Facebook tried to redact the subpoena in negotiations before Friday’s ruling by state Judge Brian A. Davis. But Healey’s office fought to limit the redacted sections.
Facebook did disclose that it had identified more than 10,000 apps that “show characteristics associated with higher risks of data misuse” but did not identify any of them.
The state attorney general noted that Facebook had allowed developers to integrate at least 9 million apps into the platform as of 2014 and had, for many years, allowed developers to access user data, including photos, work history, birthdates and “likes.” This applied not just to people who installed the apps but also to their Facebook friends who did not.
The unsealed subpoena also says that Facebook informed the Massachusetts attorney general’s office that it had identified about 2 million apps “as warranting a closer examination for potential misuses of Facebook user data.”
That suggests that, five years ago, more than one in four apps may have been accessing Facebook users’ data without their knowledge or consent.


High-profile Twitter accounts swept up in wave of apparent hacking

Updated 16 July 2020

WASHINGTON: A series of high-profile Twitter accounts were hijacked on Wednesday, with some of the platform’s top voices — including US presidential candidate Joe Biden, reality television show star Kim Kardashian, former US President Barack Obama, billionaire Elon Musk, and rapper Kanye West, among many others — used to solicit digital currency.
The cause of the breach was not immediately clear, but the unusual scope of the problem suggested that it was not limited to a single account or service. While account compromises are not unusual, experts were surprised at the sheer scale and coordination of Wednesday’s incident.
“This appears to be the worst hack of a major social media platform yet,” said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
Twitter said it was investigating what it called a “security incident” and would be issuing a statement shortly. Shares in the social media company tumbled almost 5 percent in trading after the market close before paring their losses.
Some of the tweets were swiftly deleted but there appeared to be a struggle to regain control of several of the accounts. In the case of billionaire Tesla Chief Executive Elon Musk, for example, one tweet soliciting cryptocurrency was removed and, sometime later, another one appeared, and then a third.
Among the others affected: Amazon founder Jeff Bezos, investor Warren Buffett, Microsoft co-founder Bill Gates, and the corporate accounts for Uber and Apple. Several accounts of cryptocurrency-focused organizations were also hijacked.
Biden’s campaign was “in touch” with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat’s account “immediately following the breach and removed the related tweet.” Tesla and other affected companies were not immediately available for comment.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency.
Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
“We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people,” he said.