Getty Images

A Facebook privacy loophole let third parties find people’s names in closed Facebook groups, according to CNBC

The social networking company has reportedly closed the loophole, and a Chrome extension allowing marketers to collect the information was also shut down after Facebook sent a cease-and-desist letter to its creators, according to the report. 

Members of a private group for breast cancer gene carriers reportedly became concerned that their names were potentially being exposed, and that this would make them a target for discrimination from insurers. A Facebook representative told CNBC that the company’s decision to disable seeing members of closed groups was based on “several factors” but wasn’t connected to the group’s concerns. 

Facebook didn’t immediately respond to a request for comment.

The social networking company is working to restore user trust following the Cambridge Analytica scandal earlier this year, in which data from as many as 87 million Facebook users was improperly shared with the political consultancy. It has also come under scrutiny after Russian trolls used the social network to meddle in the 2016 presidential election.

Andrea Downing, a moderator for the group for women with the BRCA gene, told CNBC that she became worried about group members’ privacy after finding out that a Chrome extension called let her download personal information of all 9,000 group members including names, employers, email addresses and locations. didn’t immediately respond to a request for comment.

Downing reportedly reached out to security researcher Fred Trotter, who found that closed Facebook groups had a loophole that allowed third parties to collect people’s names. He found that was designed for marketers to do this en masse, and that he could also gather people’s information manually without the browser extension. He submitted a report to Facebook on May 29, according to CNBC. A Facebook representative told CNBC that member lists for closed groups were “viewable” but that people couldn’t download the full list at once. 

On June 20, Facebook reportedly responded to Trotter and the group members, acknowledging that member lists for closed groups were publicly available. About a week later, group members responded to Facebook saying they weren’t happy with the response, and by June 29, that ability to collect details on Facebook was shut down, CNBC reported.

Source link