Facebook Developers Sold User IDs to Data Brokers

In the wake of a controversy surrounding the security of Facebook user IDs, the social-networking site on Friday admitted that several of its developers sold UIDs to data brokers.

"As we examined the circumstances of inadvertent UID transfers, we discovered some instances where a data broker was paying developers for UIDs," Facebook engineer Mike Vernal wrote in a blog post.

Private user data was not sold, Vernal said. Facebook has since suspended the developers for six months. If they wish to return to the Facebook developer community, they will have "to submit their data practices to an audit in the future to confirm that they are in compliance with our policies," he wrote.

Facebook did not reveal the names of the developers in question except to say that they are about a "dozen, mostly smaller" developers that are not among the top 10 applications on the site. Facebook also reached a deal with data broker Rapleaf whereby the company will delete all Facebook UIDs and stop conducting any activities on Facebook Platform going forward.

"In taking these steps, we believe we are taking the appropriate measures to ensure people stay in control of their information, while providing developers the tools they need to create engaging social experiences," Vernal wrote.

The issue over Facebook UIDs made headlines several weeks ago when the Wall Street Journal published a story that said Facebook apps share users' personal information with advertising networks and other Internet-tracking companies. That, apparently, did include the top 10 apps on Facebook, as well as Rapleaf. Facebook later said it would encrypt UIDs going forward.

On Friday, Facebook further clarified its app privacy policy to "state that UIDs cannot leave your application or any of the infrastructure, code, and services you need to build and run your application," Vernal wrote.

Services like Akamai, Amazon Web Services, and other analytics options are allowed "as long as those services keep UIDs confidential to your application." This week, Facebook will also release a way to share identifiers anonymously with third parties like content partners, advertisers, or other service providers. Developers will be required to use this mechanism by January 1.

About Our Expert

Chloe Albanesius

Executive Editor, News

My Experience

I started out covering tech policy in DC for The National Journal, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. I later covered Wall Street trading tech before switching gears to consumer tech. I now lead PCMag's news coverage.

My Areas of Expertise

Getting my start in DC means I still have a soft spot for tech policy; Congressional hearings can sometimes be as entertaining as a Bravo reality show, for better or worse. But PCMag is all about the technology we use every day, as well as keeping an eye out for the trends that will shape the industry in the years ahead (or flop on arrival). I've covered the rise of social media, the iOS vs. Android wars, the cord-cutting revolution that's now left us with hefty streaming bills, and the effort to stuff artificial intelligence into every product you could imagine. This job has taken me to CES in Vegas (one too many times), IFA in Berlin, and MWC in Barcelona. I also drove a Tesla 1,000 miles out west as part of our Best Mobile Networks project. Of late, my focus is on our hard-working team of reporters at PCMag, guiding and editing their robust coverage.

Read the latest from Chloe Albanesius

Read full bio