One Audience, a data analytics firm based out of New Jersey, USA has been sued in a court in California by Facebook, following a finding that this company secretly harvested users’ data from Facebook.
One Audience is alleged to have paid some app developers to include an SDK (software development kit) in their apps, which is a malicious file. This malicious file would then collect data from Facebook or Twitter when the device user used that particular app to login. There are several websites and apps that let you login using your Facebook account. This SDK file implanted by One Audience will gain access to the personal details of the Facebook subscriber if he or she used the FB account to login to these apps containing the malicious file.
It was through a data abuse bounty programme by one of the security agencies that the involvement of One Audience in the skimming of data from Facebook accounts came to the fore. Apart from Facebook, whichever site was affected due to this malicious activity immediately went about pinning the offender down. They first issued the cease and desist letter, a kind of warning that they retain their legal rights to take One Audience to court but giving them the opportunity to first stop doing their illegal activity. The offending company was then asked to cooperate in conducting an audit. Since One Audience refused to cooperate, Facebook decided to drag the offender to court. Platform Enforcement and Litigation is a body dedicated to data privacy protection and hauling the offenders to court.
Facebook as well as Twitter appear to have been accessed by One Audience through its SDK file Mobiburn. The two social media platforms will inform their subscribers whose personal data like emails etc. have been compromised.
Facebook had earlier sued the Israeli company NSO that sells is Pegasus software for snooping into subscribers’ accounts.
Facebook says its actions in going after these agencies must be seen as evidence of its intent on keeping subscribers’ data private.