Facebook Allowed Third Parties Read Users’ Messages

Around 2010, Facebook linked up with Spotify, the Bank of Canada, and Netflix. Once a user logged in and connected their Facebook profile with these accounts, these companies had access to that person’s private messages. Yandex also was found having access to Facebook’s unique user IDs in 2017.

In total Facebook gave more than 150 companies, including Microsoft, Netflix, Spotify, Amazon, and Yahoo, unprecedented access to users’ personal data - their private messages. ^{Breach of ConfidentialityDisclosure}

The media obtained hundreds of pages of Facebook documents, generated in 2017, that show that the social network considered these companies business partners and effectively exempted them from its privacy rules.

Facebook also allowed Microsoft’s search engine Bing to see the names of nearly all users’ friends without their consent, and allowed Spotify, Netflix, and the Royal Bank of Canada to read, write, and delete users’ private messages, and see participants on a thread.

It also allowed Amazon to get users’ names and contact information through their friends, let Apple access users’ Facebook contacts and calendars even if users had disabled data sharing,^{Breach of Confidentiality} and let Yahoo view streams of friends’ posts despite publicly claiming it had stopped sharing such information.

Collectively, applications made by these technology companies sought the data of hundreds of millions of people a month. ^Aggregation

https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html