Facebook Databreach, how Cambridge Analytica abused Facebook’s API

The ongoing controversy of the US election and the proliferation of fake news on platforms such as Facebook continues. Now we are discovering a Cyber Security and privacy slant, where a UK company, who specialise in changing audience behaviour has been found to be abusing Facebook’s API. This resulted in Cambridge Analytica gaining access to 50 million user profiles without the users or Facebook’s permission through a deal with a UK-based academic, Aleksandre Kogan, and his company Global Science Research. Although Cambridge Analytica claims no wrongdoing, Facebook has still suspended their access.

There are a few concerns here, one the abuse of millions of peoples privacy and exploitation of open API’s of companies. We are looking for banks and large organisations to open up their API’s to all businesses. This can allow smaller more innovative companies to create new and valuable services which will be great for society. The issue is that this is making privacy and security more challenging and creates a greater need for these to be front of mind for developers.

Secondly that it appears Facebook knew about this in 2015 but did not act then. Data breaches can take many forms and often are through avenues of abusing normal functionality. Understanding your privacy obligations and what threat scenario’s need to consider this particularly with key features of your API’s or applications. The need for organisations to take privacy more seriously is critical as when the information is out, particularly psychological profile information, we can’t just reset it like a password.

To read the Guardian article please click here.