Facebook Now Admits It Allowed Netflix and Other Apps to Access Private Messages

A summary of the latest data breach, plus some privacy tips

December 19, 2018 9:00 am

Facebook was sharing your data surreptitiously. You knew that.

What you maybe didn’t know, and what should really, really piss you off: They were also sharing your private messages with a lot of big tech companies.

A New York Times report suggests Facebook gave partners like Microsoft, Spotify and Netflix a lot more access to personal user data than previously suggested, including access to private messages.

Based on a review of internal documents and interviews with 50 former employees, it appears that using your Facebook account to sign in and utilize different apps across various devices opened up your data in ways that went far beyond Facebook’s own privacy rules and certainly were never disclosed, even in recent Congressional hearings.

Some egregious examples cited by the Times:

  • Via Facebook, Microsoft search engine Bing could see names of users’ friends (without consent)
  • Spotify and Netflix could read Facebook users’ private messages
  • Amazon could obtain users’ names and contact info through their friends

Oh, and Facebook was sharing user data and unique user IDs with the Russian search service Yandex, which has been accused of funneling user data to the Kremlin.

Overall, about 150 third-party partners potentially and improperly benefited from their partnership with Facebook.

In a blog post from Tuesday, Facebook states, “None of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC.” They also claim there is no evidence that data was “used or misused” from their instant personalization program, which accessed public information on Facebook and was active from 2010-2014.

As for the partners who had access, it’s not clear if any of them took advantage of this extreme amount of user access. For example, a spokeswoman for Netflix told Business Insider that their company never accessed private messages … a message they repeated, rather amusingly, on Twitter.

Expect a lot more about this in the coming days, but meanwhile, you have a few options.

  1. Quit Facebook. Even esteemed tech journalists are doing it.
  2. Never use FB to sign into third-party apps.
  3. Follow our advice: We have 12 ways to protect your data online (including a rather aggressive way to neuter Facebook even after you’ve deleted your account) and 25 tips from online security experts (which apply a few things to Facebook but also offer suggestions for all your online adventures).

Photo: Maurizio Pesce/Flickr CC license
