Facebook says 100 app developers may have accessed users' data for months

International News
In yet another data breach, Facebook on Wednesday revealed that at least 100 app developers may have accessed Facebook users' data for months, confirming that at least 11 partners "accessed group members' information in the last 60 days".
The social networking giant found that the apps -- primarily social media management and video streaming apps -- retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API (application programming interface).
"Although we've seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted," the company said in a statement.
"We've removed or restricted a number of our developer APIs, such as the Groups API, which provides an interface between Facebook and apps that can integrate with a group," it added.Facebook is facing scrutiny after personal data of 87 million users were harvested by UK-based political consulting firm Cambridge Analytica. The Federal Trade Commission (FTC) has slapped Facebook with a $5 billion fine as a result of the breach.
According to the company, the apps designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups."For example, if a business managed a large community consisting of many members across multiple groups, they could use a social media management app to provide customer service, including customized responses, at scale."

"But while this access provided benefits to people and groups on Facebook, we made the decision to remove it and are following through on that approach," said Facebook.According to Facebook's director of platform partnerships, Konstantinos Papamiltiadis, the new framework under their agreement with the FTC means more accountability and transparency into how it builds and maintains products.....READ MORE

JustDial data leak exposed personal details of 100 million users: IT expert

Technology News

Justdial, a company that provides local search for different services in India over voice calls and internet, suffered a data breach last week that compromised the personal details of 100 million users, according to independent cyber-security researcher Rajshekhar Rajaharia.

An Economic Times report on Thursday quoted Rajaharia as saying that the company has not been able to fix the breach. He told ET that the breach did not affect a newer, revamped version of the website.

In a Facebook post, the cybersecurity expert claimed that the attack put at risk data of users who called JustDial's customer care number '88888 88888'.

Inc42 quoted a senior JustDial executive on Monday as saying that the company is investigating the alledged loopholes in its database and that the company's systems are foolproof.

Rajaharia said on Wednesday that user data "including name, email, mobile number, gender, dob, address, photo, company, occupation & other details are publicly accessible" on the site.
He told Inc42 that the link between JustDial's application and database is not protected.
Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto.


 A report by news agency IANS said on Wednesday that cyber security experts have raised alarms over an 'advanced phishing attack' on IT bellwether Wipro, saying that no organisation, regardless of its size, is immune from sophisticated cyber criminals in India. The IT giant suffered an attack on its employee database. E-commerce giant Amazon faced a data leak in December last year that exposed some sellers’ private financial information to other users.

Facebook faces more questions from CBI on data theft of Indian users

Companies News

The Central Bureau of Investigation (CBI) has sent a second round of questions to Facebook (FB), seeking further information on the alleged theft of data of Indian users of the social networking site. This follows Facebook’s initial replies on the matter to the CBI.

The agency was not satisfied with the response, which was more about the processes regarding privacy of personal data, it is learnt.

The CBI had registered a preliminary enquiry (PE) in August 2018 after receiving a reference from the Ministry of Communications and Information Technology.

The recent query was raised on some specific points based on the evidence gathered by the probe agency. Sources in the know said the questions were around the charges of harvesting personal data of Facebook users without their consent for political purposes.

An email sent to Facebook did not elicit any response.

Besides Facebook, the CBI had also sought reply from British consultancy firm Cambridge Analytica and Global Science Research (GSR). In an initial reply, Analytica denied the allegations of breaching the data of Indians, said a source.


 The CBI is probing whether Cambridge Analytica allegedly received data from Global Science Research, for illicit harvesting of personal data by using Facebook. The data analytical firm had earlier also faced allegations that it used personal information harvested from 87 million Facebook accounts to help Donald Trump win the 2016 US Presidential election...Read More