Facebook claims to have corrected on August 24 a bug allowing users with both an application and a Facebook Ads account to access Facebook Analytics data from other apps.
Ten advertisers accessed analytics data from 21 apps during the three weeks the bug was online.
Although this has affected a limited number of accounts, the news comes at a time when data security is being reinforced and that is following other mea culpas of society.
In August, for three weeks, a small number of advertisers on Facebook discovered that they could access aggregated Google Analytics data from other apps.
Facebook reports that a bug was introduced as a result of a code change on August 2nd. The bug allowed users with an advertising account and Facebook to view SDK data in Facebook Analytics from other apps that also have Facebook accounts. Facebook is able to identify the accounts involved and indicates that 21 app owners had their Facebook analytics data accessed by 10 advertisers.
"Due to a bug in our system, a handful of advertisers were able to view the dashboards of other Facebook Analytics advertisers. No personal information about people on Facebook has been shared. We are sorry for this mistake and have solved the problem, "said Joe Osborne, spokesman for Facebook.
On August 24, the company was notified of the problem by a customer and fixed the bug within two hours. He then began to analyze the impact and Facebook contacted the owners of the apps and advertisers involved this week.
How it worked, what data was consulted
Facebook estimates that most advertisers have faced this bug when using Facebook Pixel Helper, a Chrome browser that allows users to identify when the Facebook pixel is correctly installed on a website. With this tool, it's easy to find the pixel ID of a site. Advertisers were able to search for the ID of another site that also has an application in Facebook Analytics and access their application data dashboards. This is not supposed to be possible.
Dashboard data includes aggregated performance reports on metrics such as new users, unique users, application installs, and media session duration. It would also have been possible for advertisers to click on the main pages of these statistics. However, they could not access Facebook Ads accounts for apps, even if they were linked to Facebook Analytics accounts, the company said.
Audit and Monitoring
Facebook is able to see what users are doing in Facebook Analytics, which allows them to know the accounts an advertiser has accessed and the duration of their account. The company does not believe, at this stage, that there was malicious intent, but it can not guarantee that the competitors did not see the data.
The company announced that it was conducting a check to find out if advertisers had retained any of the data (having probably learned by taking the word from Cambridge Analytica, it had deleted ] his Facebook data) and asked why and how accounts.
Facebook made changes to its processes and added enhancements to back-end systems to prevent this from happening again.
In June Facebook apologized to developers for an error that allowed it to send weekly reports on application performance to app testers who often work outside of developer companies. This error affected about 3% of Facebook Analytics users. As with this bug, recipients have seen aggregated application performance metrics, but no personal information.
The company strives to enhance the privacy of the platform within its ecosystem and to be more open in these situations. But as Facebook is now well aware, it has nothing to do.
About the author
Ginny Marvin is the editor-in-chief of Third Door Media. She assists daily editorial operations in all publications and oversees paid media coverage. Ginny Marvin writes about paid online marketing topics, including paid search, paid social networks, posting and retargeting for Search Engine Land and Marketing Land. With over 15 years of marketing experience, Ginny has held both internal and external management positions. She can be found on Twitter as @ginnymarvin.