Facebook Closes Loophole That Revealed Personal Data of People in 'Closed' Groups

Facebook has closed a loophole that allowed third parties to view and collect personal information about members of groups set to the “closed” privacy setting. An extension for Google’s Chrome browser called Grouply.io was specifically made to allow third parties to collect names, locations, email addresses, employers, and other personal data from Facebook groups, according to a report from CNBC.

What finally caused Facebook to close the loophole were complaints from a group of women with the BRCA gene, a gene mutation associated with an elevated risk of breast cancer. The BRCA Sisterhood group, which did not want members’ names to be known, ran a “closed” Facebook group. Technically, “secret” is Facebook’s most restrictive setting, but choosing to make a group “secret” hides it from public listings entirely. The BRCA Sisterhood was open to new members and selected the “closed” setting for that reason.

A security researcher who helped the BRCA Sisterhood moderators investigate whether the plugin could harvest their personal information also found that Facebook groups for individuals coping with other sensitive issues, such as addiction recovery and HIV/AIDS, were easily searchable using the Chrome plugin.

This type of personal data can be used in marketing and advertising. But it comes with another more fraught consideration for Facebook: healthcare privacy compliance. While a social media site like Facebook is not required to be compliant under the Health Insurance Portability and Accountability Act (HIPAA) in the United States, it may catch the attention of European regulators, where Facebook is facing an uphill battle under new General Data Protection Regulation (GDPR) rules.

Facebook issued a cease-and-desist letter to Grouply.io developers, who discontinued the Chrome plugin earlier this year. Facebook has also says it closed the third-party loophole overall.

Comments

Privacy Policy

Facebook Closes Loophole That Revealed Personal Data of People in 'Closed' Groups is dedicated to protecting consumer privacy on the Internet. Our practices are consistent with privacy guidelines established by eTrust.com.

Facebook Closes Loophole That Revealed Personal Data of People in 'Closed' Groups does not require any personal information to obtain access to our website.

Facebook Closes Loophole That Revealed Personal Data of People in 'Closed' Groups does require limited personal information including name and mailing address from individuals wishing to join as members. Additional information such as e-mail address and phone number may also be requested in order that we may contact members in a timely manner on issues related to our mission.

You will only receive e-mail from us if you request to be added to our e-mail list. You may revise or remove your e-mail address from our files at any time.

Facebook Closes Loophole That Revealed Personal Data of People in 'Closed' Groups uses "cookie" technology to obtain non-personal information from our online visitors, such as browser/computer type, number of visitors, and site usage. We do not use cookies to extract personal information.

Our website contains links to other sites, but Facebook Closes Loophole That Revealed Personal Data of People in 'Closed' Groups does not necessarily advocate, support or condone the privacy practices or content of these websites.

Facebook Closes Loophole That Revealed Personal Data of People in 'Closed' Groups makes all information received from our online visitors as secure as possible against unauthorized access and use. All information is protected by state-of-the-art security technology.

Facebook Closes Loophole That Revealed Personal Data of People in 'Closed' Groups respects the individual privacy rights and concerns of visitors to our website. We support meaningful self-regulation of the Internet to ensure that responsible organizations maintain the right to use all communications media to interact with the public.