Facebook User IDs were sold to data brokers, company admits
In yet another black eye for social networking site Facebook, the site disclosed Friday that several developers were selling user data to a third-party. User IDs, or unique identifiers given to every registered member of the site, allow an application to look up a user's public personal information.
As a result of the discovery the offending developers have been placed on a six-month suspension. While not identifying those at fault, the company did say at least one data broker -- RapLeaf, Inc. -- came forward to assist in the investigation. It was not immediately clear if RapLeaf was the purchasing broker, although it agreed to delete any user IDs in its possession.
"Facebook has never sold and will never sell user information," engineer Mike Vernal wrote in a blog post on the site. "We also have zero tolerance for data brokers because they undermine the value that users have come to expect from Facebook."
Less than a dozen developers will be suspended as a result of the company's internal investigation, Vernal reported. These companies would also be subject to "audits" to ensure continuing compliance.
The issue was first disclosed in mid-October after the Wall Street Journal reported that tens of millions of these user IDs had been compromised. However, at that time Facebook did not say that developers may have been intentionally disclosing these identifiers for profit.
Regardless, the site again stressed that private information was not at risk, just the data that a user may have made publicly available. It also has spurred the company to launch a new way of identifying user IDs anonymously which all developers would be required to use by January 1. APIs to take advantage of this new functionality would be released next week.
"In taking these steps, we believe we are taking the appropriate measures to ensure people stay in control of their information, while providing developers the tools they need to create engaging social experiences," Vernal said.