Facebook loophole allowed third-party firms to collect personal information from people in ‘closed’ groups without their knowledge

By Joe Pinkstone For Mailonline

09:55 EDT 13 Jul 2018, updated 09:56 EDT 13 Jul 2018

• The loophole in Facebook was first unearthed by the BRCA Sisterhood 

• This ‘closed’ group was created for women living with a breast cancer gene

• Private information from members could be taken using a browser plugin 

• Grouply.io obtained emails, names and locations of those in the private group

• The plugin is now disabled and Facebook has tweaked its privacy settings

Facebook has fallen foul of another data privacy risk.

A loophole in the social network allowed third-party firms to siphon private information about members of closed Facebook groups.

The issue was exposed after BRCA Sisterhood, an online support network based on Facebook for women with a high genetic risk of breast cancer, discovered their personal information could be taken without their knowledge or consent.

After reaching out to a security researcher, BRCA Sisterhood discovered that a third-party plugin for the Google Chrome web browser could take emails, names and locations of members from closed groups.

The BRCA Sisterhood have raised concerns that personal information siphoned from the private groups could lead to discrimination from healthcare insurers, and other companies.

Facebook has since closed the loophole used by the web browser plugin.

A Facebook loophole let marketing companies spy on people in private groups, stealing their private data. The privacy breach was discovered when a Facebook group that supports women with a breast cancer gene discovered a Chrome extension that obtained the information.

The ability to siphon private information from users in ‘closed’ Facebook groups was first highlighted by a moderator of BRCA Sisterhood.

A third-party plugin, known as Grouply.io, enabled anybody to download the names, employers, locations, and email addresses of private group members.

Worse still, the members of the closed group would not be aware the data had been taken.

Facebook sent a cease-and-desist letter to the developers behind the application. Grouply.io is no longer available to download for Google Chrome.

The Menlo Park-based company also closed the loophole that enabled the information to be taken from ‘closed’ groups.

A spokesperson for Facebook said shutting down the ability to view members of closed groups was a recent decision that was based on ‘several factors’, but was not related to outreach from the BRCA Sisterhood.

The women in BRCA Sisterhood use the private, members-only Facebook group as a support network to help get through living with the BRCA gene.

They grew concerned when they realised details of their condition were available, and could be uncovered by insurance companies and other third-party firms.

BRCA Sisterhood moderator Andrea Downing contacted a friend who works in cyber-security, Fred Trotter, after she discovered the privacy flaw.

Mr Trotter found that ‘closed’ Facebook groups were set up in a way which allowed third parties to find information on the members of the group.

Although the ability to find a list of members in a ‘closed’ group has always been available, Grouply.io was designed by marketers to obtain information on all of the members of a private group in bulk.

Facebook has since made changes to its privacy settings to stop the practice.

Social network users might not realise, but sharing information in a ‘confidential’ or ‘closed’ context on a website like Facebook does not carry the same protections as sharing it in a medical context.

‘A genetic test result like BRCA is protected by HIPAA [the Health Insurance Portability and Accountability Act] and it can’t be shared with marketers, if it is in a medical record,’ explained Deven McGraw, chief regulatory officer for Ciitizen, a health information sharing application, in an interview with CNBC.

‘But a social networking site is not covered by HIPAA.’

WHAT IS THE BRCA GENE?

Having a mutated BRCA gene – as famously carried by Angelina Jolie – dramatically increases the chance a woman will develop breast cancer in her lifetime, from 12 per cent to 90 per cent.

Between one in 800 and one in 1,000 women carry a BRCA gene mutation, which increases the chances of breast and ovarian cancer.

Both BRCA1 and BRCA2 are genes that produce proteins to suppress tumours. When these are mutated, DNA damage can be caused and cells are more likely to become cancerous.

The mutations are usually inherited and increase the risk of ovarian cancer and breast cancer significantly.

When a child has a parent who carries a mutation in one of these genes they have a 50 percent chance of inheriting the mutations.

About 1.3 percent of women in the general population will develop ovarian cancer; this increases to 44 percent of women who inherit a harmful BRCA1 mutation.

After Facebook sent a cease-and-desist letter to the application’s developers, the plugin is no longer available. Facebook is trying to build its reputation back up after a string of privacy concerns have rocked the firm in recent times (stock)

According to a spokesperson for Facebook, speaking to Mr Trotter: ‘Our Groups team has been exploring potential changes related to group membership and privacy controls for groups, with the goal of understanding whether providing different options can better align the controls with the expectations of group administrators and members.

‘That work is ongoing and may lead to changes that address some of your concerns going forward.’

Facebook has been rocked by a string of privacy concerns in recent months.

The social networking company is working to restore faith in its services after the Cambridge Analytica scandal earlier this year, in which 87 million people had their data shared with the political consultancy firm.

Facebook has also come under scrutiny after Russian trolls used the social network to meddle in the 2016 US presidential election.

WHAT IS THE CAMBRIDGE ANALYTICA SCANDAL?

Communications firm Cambridge Analytica has offices in London, New York, Washington, as well as Brazil and Malaysia.

The company boasts it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists.

‘Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,’ with data on more than 230 million American voters, Cambridge Analytica claims on its website.

The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.

This meant the company was able to mine the information of 87 million Facebook users even though just 270,000 people gave them permission to do so.

This was designed to help them create software that can predict and influence voters’ choices at the ballot box.

The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.

This information is said to have been used to help the Brexit campaign in the UK.
