Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Facebook Notifies 800,000 Users of Blocking Bug

Facebook on Monday started notifying 800,000 users affected by a bug that resulted in blocked individuals getting temporarily unblocked. The social media giant also detailed some new API restrictions designed to better protect user information.

Facebook on Monday started notifying 800,000 users affected by a bug that resulted in blocked individuals getting temporarily unblocked. The social media giant also detailed some new API restrictions designed to better protect user information.

When you block someone on Facebook, you prevent them from seeing your posts, starting conversations on Messenger, or adding you as a friend. However, a Facebook and Messenger bug introduced in May 29 and addressed on June 5 led to users being able to see some of the content posted by individuals who had blocked them.

According to Facebook Chief Privacy Officer Erin Egan, blocked users could not see content shared only with friends, but they may have been shown content shared with “friends of friends.” The blockee may have also been able to contact the blocker via Messenger.

Egan clarified that friend connections were not reinstated as a result of the bug and 83 percent of impacted users had only one blocked person temporarily unblocked. Affected users will see a notification in their account.

New API restrictions and changes

Facebook also announced on Monday additional measures taken following the Cambridge Analytica incident, in which personal data on tens of millions of users was improperly shared with the British political consultancy through an app.

The social media giant previously shared some information on the steps taken to better protect elections and user data, and it has now announced new changes affecting application developers.

Developers have been informed that several APIs have been or will be deprecated, including the Graph API Explorer App, Profile Expression Kit, Trending API, the Signal tool, Trending Topics, Hashtag Voting, Topic Search, Topic Insights, Topic Feed, and Public Figure. The Trending and Topic APIs are part of the Media Solutions toolkit.

Advertisement. Scroll to continue reading.

Some APIs will be deprecated – including due to low usage – while others will be restricted.

Developers will once again be allowed to search for Facebook pages via the Pages API, but they will need Page Public Content Access permissions, which can only be obtained via the app review process.

As for marketing tools, Facebook announced that the Marketing API can only be used by reviewed apps, and that it’s introducing new app review permissions for the Live Video and Lead Ads Retrieval APIs.

Related: Facebook Suspends 200 Apps Over Data Misuse

Related: Facebook to Offer ‘Bounty’ for Reporting Data Abuse

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.