Facebook isn’t yet over the massive FTC fine that was slapped on the company recently. Now, it appears that the company has been hit by “another” Cambridge Analytica — or at least that what it looks like.
The company has banned a marketing company Hyp3r from Instagram’s ad platform because it reportedly exploited a “security lapse,” which allowed the agency to collect massive amounts of data.
The loophole allowed Hyp3r to collect the specific locations of millions of public posts. The marketing agency also violated terms of service by saving public Stories and harvesting data from public profiles (bio and followers).
While the company didn’t collect any private information, it still managed to create detailed profiles of users (without permission) that would make anyone uncomfortable. It used this data to throw ads in front of the users.
Facebook strictly prohibits the use of “automated means” to collect data without its approval, and it doesn’t share Stories data through its official developer framework.
Business Insider alleges that after Cambridge Analytica, Hyp3r welcomed the restrictions on location tools and other features on the surface.
However, it privately created a system that could bypass Facebook’s restrictions and harvest Instagram location info anyway.
Hyp3r allegedly went to the extent of reverse-engineering an Instagram framework that Facebook discontinued after the Cambridge Analytica affair.
While Facebook promised to provide more privacy after Cambridge Analytica debacle, this incident highlights, the shortcomings on Facebook’s part. What’s even more shocking is that Hyp3r was a part of Facebook’s list of trusted Marketing Partners.
In its defense, Hyp3r CEO Carlos Garcia says that its marketing system was “compliant with consumer privacy regulations and social network Terms of Services.”
He also claims that Hyp3r never monitored any private content, but it is hard to believe these claims given that the company had access to Stories after the usual 24-hour period.
Meanwhile, a Facebook spokesperson said that Hyp3r’s actions were unauthorized and it “violate[d] our policies.”