Facebook loophole allows third-party discover of users in private groups
In July 2018, the leader of a private Facebook group for women with the BRCA gene, which is associated with high breast cancer risk, discovered that a Chrome plug-in was allowing marketers to harvest group members' names and other information. The group was concerned that exposure might lead to other privacy violations and discrimination from insurers. The company shut down the extension and closed the loophole. The case is of particular concern because the US Heath Insurance Portability and Accountability Act (HIPAA), which governs the privacy of health data, applies to medical records but does not cover information posted to social media.
Writer: Kate Fazzini and Christina Farr