Report: All Top 10 Facebook Apps Leaking Personal Information

According to a report in the Wall Street Journal, a large number of the most popular applications on Facebook — including all of the 10 most popular apps — have been improperly transmitting user info, including names and possibly names of friends to advertising and internet tracking companies.

Writes the Journal:

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.

The problem has ties to the growing field of companies that build detailed databases on people in order to track them online… It’s unclear how long the breach was in place. On Sunday, a Facebook spokesman said it is taking steps to “dramatically limit” the exposure of users’ personal information.

Among the apps mentioned in the Journal report are FarmVille, Phrases, Texas HoldEm Poker, FrontierVille, Causes, Cafe World, MafiaWars, Quiz Planet, Treasure Isle and Heart.

The Journal says the apps they investigated were sending Facebook ID numbers to at least 25 advertising and data firms, “several of which build profiles of Internet users by tracking their online activities.”

The report singles out one such firm, Rapleaf, which it says had added Facebook user IDs to the database of Internet users it sells to yet other firms. However, a VP for the company tells the paper, “We didn’t do it on purpose.”

Facebook in Privacy Breach [WSJ]


Edit Your Comment

  1. Thaddeus says:

    This is me being shocked. I’m shocked. Can you tell how shocked I am? And yet again, everyone will get upset because they were stupid enough to put a bunch of personal information online and then find out it was spread all over.

    • mythago says:

      Yes, let’s all wank about the stupidity of people who believed a privacy agreement meant what it said, instead of the dishonest companies who lied to them. Because we feel so much safer with victim-blaming!

      • Shadowfax says:

        The privacy agreement was with Facebook. When you sign up for a Facebook app, that’s a 3rd party. They’re not beholden to privacy agreements you make with Facebook, especially when you give them permission to access that information, as you have to do when you install them.

        It’s like the dinks with the Android phones who are all pissed off because programs they downloaded are mining their data. Well hell, what exactly did you think was going to happen when the wallpaper program asked for your contact list and internet access?

      • Conformist138 says:

        It’s like Sears or Best Buy: at what point do you just roll your eyes and say “By now, we should know better.”

        @Thaddeus- that was perfect. I was thinking the exact same thing reading the article. “Oh, such a big surprise.”

  2. dg says:

    Unless you own and operate the cloud, or your own site – then any data you provide is at risk regardless of the “Privacy Policy”. It can be intentional, or unintentional – but it will get out. If you want your friends to know what you’re doing – call them.

    Facebook and it’s ilk are risky to your life, health, and livelihood. Just say “No thanks” to them…

    • Marshmelly says:

      “If you want your friends to know what you’re doing – call them.”

      All 200 of them? This “don’t use Facebook in the first place” argument (predominantly voiced by those who neither use nor understand the benefits of the website in the first place – or maybe those who have no friends) is getting old and misses the entire point of that this story addresses. This is 2010. Most people aren’t going to stop using Facebook. The problem that needs to be addressed is the leaking of personal information and the acts against the Privacy Policy on behalf of these applications. Facebook is a billion dollar company and should take steps to prevent these sort of things from happening.

      • theycallmeGinger says:

        Yes, but what you are missing is that normally the advice given at Consumerist is to “walk away” from a company that mistreats its customer base. You’re saying people won’t do that and that this company needs to take responsibility for its deceitful practices. But why would they have to? No one’s leaving and they’re making good money off of their users. There is no incentive for Facebook to do the right thing. They know most people will still stay even if they are blatantly screwing them. So why stop now? Think of all the things they’re doing that you DON’T know about! If you’re fine with that, then all is well.

        • Pax says:

          You don’t have to walk away from Facebook, to walk away from FarmVille.

          FarmVille is not run by, owned by, or otherwise truly controlled by Facebook. It’s owned and operated by Zynga, a separate company entirely.

          • catastrophegirl chooses not to fly says:

            apparently the problem here is that you do have to leave facebook to get away from farmville because it’s accessing info on the friends of users. i don’t use farmville but my sister’s addicted. which means farmville is accessing my info on facebook.
            only they aren’t really, because i use a fake name and demographics

            • stranger than fiction says:

              Any time one of those app spams shows up in my feed, I follow the link to visit the app. On the app’s page, there is a link to “block this application”. This allegedly prevents the application from accessing my info.

              It was a seemingly endless task at first — but now that I’ve blocked most of the major apps, I rarely see notices in my feed anymore.

  3. goldgecko4 says:

    I’ve gotta take issue with the headline… “leaking” implies that it was accidental…

    • c_c says:

      Intentional releases of info are often characterized as “leaks”… remember the CIA leak scandal, for example.

  4. Jedana says:

    Aren’t most of those apps from Zynga? Sounds like a problem with that company.

    • savvy9999 says:

      sounds like it to me. I played Zynga HoldEm for a while, but then their “give us your real email” campaign kinda got freaky, so I stopped. Removed it/uninstalled it/whatever it’s called.

      Worked my way up to $2Million in chips too :(

      too many all-in suckers in that game. As usual with all online poker places, when it’s not for real money.

    • ktetch says:

      yeah ,the same company was ‘given the key to the city’ by SF’s mayor last year, for their ‘good company’ credos.

      that was less then 2 months after the videos surfaced about them trying every scam in the book

    • Rocket says:

      Google owns Zynga

      • gStein_*|bringing starpipe back|* says:

        google invested in Zynga. i do not believe that they have a controlling share, but i may be mistaken.

  5. Loias supports harsher punishments against corporations says:

    “We didn’t do it on purpose.”

    The excuse of a 4-year-old.

  6. El_Fez says:

    Facebook leaks personal information? In other news, Water is wet.

  7. Arcaeris says:

    “Hmm, facebook studies show that males 18-30 are very interested in rhubarb and carrots, while females in the same demographic prefer daikon and blueberries. Get this data to Monsanto, STAT!”

  8. DJSeanMac says:

    Several (all?) of those are Zynga apps. Zynga is a proud strategic partner of Facebook, with a five year commitment announced in May:

  9. YouDidWhatNow? says:

    So wait, let me get this straight…a free online service that makes no revenue at all from it’s bazillions of users, but does collect exabytes of data from each person who logs on…which is a treasure trove for marketing and data mining activities to every company in the world…might actually be trying to make money by giving access to that data?

    Wow, who would have thought that you couldn’t implicitly trust a free online service to safeguard every little piece of personal data you can possibly think up and regurgitate onto their site?

    I mean…there’s just no way you could have seen any such thing happening, right? It’s a free service, they’re just doing it out of the goodness of their hearts! They’re, like, philanthropists…right?

    • Megalomania says:

      You are missing the most important part: they explicitly tell users this will not happen. You can be as derisive and asinine as you like about how predictable this is, but the fact remains that both Facebook and the app writers lied to their users.

      • YouDidWhatNow? says:

        …my point is that if something looks too good to be true, it probably is. Case in point.

        That free lunch you were expecting…yeah, not so much.

        • mythago says:

          “We will sell your aggregate data, but will not personally identify you” != “free lunch”. If you can get over your need to announce how much smarter you are than the Internets for a minute, you might be able to grasp the idea that people can agree to one kind of exchange (you include me in your demographic data without identifying me personally, I get to use your service free) without agreeing to another (you can report anything you want about me, even if I told you not to and you agreed not to).

        • Coelacanth says:

          Since when did “we will not leak your personal data” become “too good to be true?”

          We’ve reached the point to where expectations are set so low now, haven’t we? Demand accountability.

          • YouDidWhatNow? says:

            I do demand accountability. My point is that you can’t expect to get something for nothing, and when a corporation (that’s hemorrhaging money) has vast amounts of your data they can sell to make revenue…or they can abide by their privacy policy and go bankrupt…what do you honestly think is going to happen?

            I suppose you show your ID to Huggy Bear when you book your ho too…he says he won’t violate your privacy, right? So it’s cool.

    • dg says:

      Bullshit. They don’t have to sell the PERSONAL data of their users to make money. They can do it like other companies – put ads up on their site, and sell that ad space to advertisers. They can aggregate and sell DEMOGRAPHIC information that doesn’t tie to a particular user (e.g. 52% of our users are male, 13% of our users are from the midwest) and make good money that way.

      But it’s too tempting for them to sweeten their pots and say “Hey – user X likes rye bread, user Y likes white bread, user Z likes Chevy’s…) and pitch that to advertisers for “targeted” advertising.

      On the surface, targeted advertising seems to benefit the consumer because they get to see what they’re interested in. However, it’s:

      a) Psychological manipulation. You buy what you’re interested in, so you’ll buy more – even if you don’t really need it.

      b) Risky to your life: Someone trying to do you harm now knows intimate personal details about you. Occurs rarely – but why allow it to happen at all to you? Why risk it just so you can see an ad for muffins instead of bagels?

      c) Risky to your livelihood: Employers troll these services. They find out that you drink EVERY weekend, correlate that with you being late every monday – and fire you. Or cut your insurance. Or raise your insurance rates. Or a potential new employer sees that you like to enjoy time with your friends every weekend and figures you will push back on working weekends, so they hire someone else. Or they don’t like the way you look – so they hire someone else. Or they don’t like your car, figure you’ll ask for more money to get a better one, so they hire someone else. Or they think your car is too good and you’ll want a better one or have to maintain that one and hire someone else. Or….

      d) You don’t get any real benefit. The companies make MILLIONS, you get some half-assed free service that only serves to extract more personal information from you, which puts you at risk.

      Facebook was designed to get college kids laid. It’s totally outgrown it’s original purpose, and is dangerous.

    • ARP says:

      Regardless of their business model, FTC doesn’t like it when your privacy policy says one thing and you do another. You must follow your privacy policy.

  10. Forrest says:

    So basically Zynga Games is being evil, sounds like business as usual.

  11. PlumeNoir - Thank you? No problem! says:

    Didn’t Zynga’s CEO admit that they basically sacmmed people?

    I can’t bring myself to be surprised that this is coming from the company whose CEO said, “I did every horrible thing in the book just to get revenues.”

    By fixing the “horrible things,” I presume they just hid them better than to stop doing them completely?

  12. TacomaRogue says:

    The Zynga CEO openly admitted that they were scamming people, if that isn’t enough of a warning that the company is shady, then I don’t know what is. Not saying that the people who are still playing these games deserve to have their info sold off, but seriously, what do you expect from a company that has not qualms with being a dick?

    • deathbecomesme says:

      soooo…..your saying they did deserve it lol

      • TacomaRogue says:

        No, because I understand that people are occasionally idiots and don’t read the news stories like those where-in douchy CEO’s admit to screwing people. They read the statement when they first play the game that says “we won’t sell your info” and expect that their info will in fact not be sold. We (those who tend to read more) are the ones who are not surprised that said douchy CEO’s are doing things such as this.

        I suppose I should have worded my comment a little better.

    • golddog says:

      Taco you and Plumnoir beat me to this. “a VP for the company tells the paper, “We didn’t do it on purpose.””

      Bullshit. Do we really have to get in to a Bill Clinton define “it” semantic argument here Mr. VP? Good job WSJ figuring out what anyone who looked in to FB for more than 5 minutes already knew.

      Is this why I can’t watch my regional sports or FX on DISH or Cablevision now…b/c you spent so much money on this exhaustive undercover investigation you have to make up for it in the TV content division?

  13. Miss Malevolent says:

    The funniest thing is, a bunch of users found an exploit in the Zynga Cafe World game, where you could get unlimited Cafe Cash.

    Zynga tamped that down quick and their initial comment on the matter was that they were trying to protect their users from scam websites that could harm their computers and “the integrity of the game”.

    Now we find that they are selling names off to “who knows who” for profit.


  14. PsiCop says:

    Now one can see why I never use any third-party Facebook apps. Not one. Ever. And when notifications come into my stream, from other users announcing they found a new baby seal or telling me I join their mafia posse, I block the app that sent it.

    • cheezfri says:

      Ummm, didja READ the article? Even people who use no apps, and have the strictest privacy settings, are having their info sold. If one of your friends uses Farmville, or any of the apps listed above, then Zynga is selling YOUR info.

      • Rectilinear Propagation says:

        But their point remains valid: Scummy behavior like this is why they don’t use the apps.

      • PsiCop says:

        Nevertheless, I block every app. All the time. Without fail. It might not prevent my information leaking out … but at least none of my Facebook friends will have THEIR information leaked, because of ME.

      • SrsRevo17 says:

        “Your name, profile picture, gender, networks and user ID (along with any other information you’ve set to everyone) is available to friends’ applications unless you turn off platform applications and websites.”

        I found that statement under the “Choose Your Privacy Settings > Applications, Games and Websites” page on Facebook.

        It seems as if you can prevent this from happening, but of course, it seems like the default is “ON” and the settings are buried so deep that few will find it.

        Also, under Application settings, you can view the settings for each Ap you may have used. It will tell you what info that the application is pulling off your profile, and if any data was recently recorded.

        You may also choose what profile information you choose to share with Friend’s Apps (In case you decide to leave that first option above to “ON”)

  15. drburk says:

    I didn’t make millions the wrong way on purpose either ;-)

  16. Duckula22 says:

    I was going to go to a few friends’ FB pages and post “Didn’t I tell you?” But then I was like “phuck it.” Anybody’s got a choice whether to be a dumbass or not.

    • mythago says:

      Well, they’re choosing to be your friends, so, yeah.

      • Duckula22 says:

        Dude, it’s not that I don’t care, it’s just that I’ve warned them before, and they still do nothing, because most of them are.. well… not that bright. So I’m not going to try to help those who do not want to be helped.

  17. electrasteph says:

    Oh no! Zynga games has learnt that I like to knit. It’s terrible! Now all I’ll see is ads for yarn everywhere! Wait a minute. I like yarn…

  18. c_c says:

    This is why I never accept any 3rd party app requests from friends on Facebook…

  19. Pax says:

    “FarmVille, Phrases, Texas HoldEm Poker, FrontierVille, Causes, Cafe World, MafiaWars, Quiz Planet, Treasure Isle and Heart. “

    FarmVille, Cafe World, MafiaWars, and FrontierVille are all run by the same company – Zynga.

    Some of the others may be run by them as well.

  20. Dirtylicious says:

    …thus the reason why I don’t use any “apps” on facebook.

  21. Blueskylaw says:


  22. FrugalFreak says:

    Let em share, not my correct name!

  23. Eli the Ice Man says:

    BREAKING NEWS: Canada is north of the United States. More to come!

  24. sopmodm14 says:

    facebook is the most technologically harmful application, lol