Facebook denies privacy breach allegations by Symantec

No personal data could have been passed to third parties, company says

1 2 Page 2
Page 2 of 2

A Symantec spokesman this afternoon said the company still believes its original report is accurate, but did not comment further.

Kevin Haley, director at Symantec security response said that while it's likely that third-parties had not noticed the leak, it would be hard to say for sure whether someone noticed it and took advantage of it.

The issue is unlikely to improve Facebook's already battered reputation on the privacy front. The company has been at the center of numerous privacy related issues over the past couple of years.

Last October, for instance, the company found itself in the middle of a major firestorm after the Wall Street Journal reported that several popular Facebook applications such as FarmVille, Texas HoldEm Poker and FrontierVille had been secretly sending user information to advertisers.

Last year, the company was also hit with a lawsuit after some members claimed that changes the company made to its privacy settings made it even harder for users to control access to their personal data.

"This breach does not surprise me, because I've seen its like before in Facebook and in other Web sites [and] platforms," said Chris Palmer, technology director at the Electronic Frontier Foundation. "Although this bug might quite likely be an accident, it is not the first of its kind in Facebook."

Providing advertisers with detailed profiles of Facebook users has been part of Facebook's business model, he said. "Therefore we can expect for this kind of security failure to arise again," he said. "The business model requires Facebook to walk a fine line between keeping advertisers happy and not angering too many users."

Jeffrey Chester, executive director of the Center for Digital Democracy (CDD), said Facebook is working with a growing list of third parties who are in the business of collecting Facebook user information. "The company has the data collection for ad targeting spigot turned on -- so it's not a surprise that user information is leaking out to the others," Chester said.

"Facebook needs more than a digital plumbing job -- it needs to put a privacy policy in place that allows its members to actually control their information," Chester said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Copyright © 2011 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
  
Shop Tech Products at Amazon