When is a Facebook application blocked?

Data leaks on Facebook: this is how users check whether they are affected

On the Easter weekend of 2021, a report startled numerous Facebook members: personal data of more than 530 million of them is said to have been published on the Internet. This is said to include data from around 6 million users in Germany. According to media reports, the data was probably captured via a security hole that Facebook says it closed in August 2019. At that time, mobile phone numbers from Facebook profiles were accessible unencrypted. Through so-called scraping, such information can be merged with other personal data. If you want to ask Facebook questions about the incident, you will find a special online form in the help area of the social network.

But even without a security hole, data from Facebook users can still be accessed, and not only on Facebook. User data from the LinkedIn career network is also being offered for sale by criminals, as reported, for example, by the specialist magazine heise.de. What makes this explosive is that network members often publish such data themselves without being aware of it. This was the case in March 2018, when it became known that the British analysis firm Cambridge Analytica is said to have collected personal data from 87 million Facebook members via a Facebook application. The firm is said to have misused this data for election advertising, especially in the USA. Those affected did not know about it. In Germany, around 310,000 Facebook users are said to have been affected by the data affair.

It turned out that Cambridge Analytica was not an isolated incident. For example, in September 2018, a glitch allowed developers to access photos from around 7 million users, even if they had not been publicly uploaded. In December 2019, it was announced that the personal data of 267 million Facebook users was openly available on the Internet. This data, too, may have been collected unnoticed by apps.

Facebook offers a check

On this page in the help area, Facebook users can check whether they have used apps in the social network that collected data without authorization. By its own account, Facebook blocks such applications as soon as they are noticed. The page was originally set up to show whether Facebook members or any of their friends had ever used the Facebook application "This Is Your Digital Life". That application enabled Cambridge Analytica to access the user data.

The page has since been made more general and also checks access by other applications that Facebook has blocked. In addition, it links directly to the area of the extensive settings where access rights for apps and websites can be managed.

"Login with Facebook" is also usually done via an app

It is important to know that in this case Facebook does not mean its own apps that can be installed on smartphones and tablets. It means programs that use Facebook as a platform and are also referred to there as apps. Even those who think they have never consciously activated such applications may find some entries on the page in the settings. Companies use such apps, for example, to enable Facebook login on their own websites. This means that the user does not have to create a new account on the website and does not have to remember another password. However, this method also has disadvantages, which we explain in the article about "Single Sign-On".

In a separate article we also explain how you can make changes to app access on Facebook.

Further options for checking

Even if Facebook indicates that you have not used a blocked app, your data can still be misused on the Internet. This applies in particular to login data (user name and password) for a wide variety of online services. For example, you can enter your e-mail address into the HPI Identity Leak Checker of the Hasso Plattner Institute at the University of Potsdam; you will then receive an e-mail stating whether your address and other data are in known dubious databases. Apple's Safari browser and others such as Firefox and Chrome now also offer options to inform you when your passwords have been published.

What should those affected do?

If your data is circulating in shady databases or has been stolen by hackers, act!

  1. Change your password for the affected website. Pay attention to the common rules for a strong password and use a different one for each account.
  2. Be especially skeptical about emails and SMS from unknown sources. In the phishing radar, we show typical characteristics of fraudulent messages. Do not open any links or attachments in such messages.
  3. If possible, change your email address and mobile phone number. Especially with the email address, it makes sense to use more than one - e.g. one for social networks, another for friends and family, a third for contracts, etc.

Until the beginning of April 2018, Facebook offered the option for users to determine which of their data could be accessed by those apps that their friends had activated. "Apps used by other users" was the name of the area that has since been removed. According to Facebook, apps are generally no longer allowed to access information from friends.