It looks like Facebook has another privacy issue on its hands, this time over its closed groups. CNBC reports that Andrea Downing, a moderator of a closed Facebook group, discovered that a Chrome extension called Grouply.io let her download names, employers, locations, email addresses and other info on the group's 9,000 members. The finding was especially troubling given that the group is for women who a have gene associated with a greater risk of developing breast cancer, medical information many don't want to share widely outside of the group.
Downing consulted a security researcher about the discovery who found that closed Facebook groups had a privacy loophole allowing Grouply.io to gain access to their information. The researcher, Fred Trotter, was also able to access information for Downing's group and others manually. He reported the issue to Facebook, which initially replied that it had at one point made member names "viewable" and later added that it was "exploring potential changes related to group membership and privacy controls for groups." After some back and forth between Facebook and members of the group Downing moderates, Facebook shut down the ability to collect this sort of information from closed groups. The social media giant told CNBC that the decision to do so was due to "several factors" but was not because of this specific group.
A Facebook spokesperson told CNBC that the company sent a cease-and-desist letter to the maker of Grouply.io earlier this year. The app, meant to assist marketers in collecting information en masse, has been discontinued.
Facebook has come under fire for failing to adequately protect its users' privacy a number of times this year including unblocking users' blocked accounts, setting users' privacy defaults to public and allowing millions of users' information to fall into the hands of Cambridge Analytica.
We've reached out to Facebook about this issue and we'll update this post if we hear more.