This week an alarmed developer who contacted, informed that the Facebook App Analytics weekly summary email has been delivered outside their company. Which probably contains sensitive business information, including weekly average users, page views and new users?
Forty-three hours after they contacted the Facebook about the issue, the social network now confirms that the 3 percent of the apps using Facebook Analytics has their weekly summary report sent to the testers of the apps, instead of only the app developer’s, admins and analysts..
The testers are often the people who are outside of the developer’s company. If the leaked information got into the hands of app’s competitor, it could provide them an advantage, At least they were not be able to allowed to click to view the extensive analytics data on the Facebook website.
Facebook said that they have fixed the problems and they believe no personal information or contact information was improperly disclosed. They plans to notify all the affected developers about this leak today and they have already started it.
Update: 1pm Pacific: TechCrunch was provided with over this statement from the Facebook Spokesman:
“Due to an error in our email delivery system, weekly business performance summaries we send to developers about their account were also sent to a small group of those developer’s app testers. No personal information about people on Facebook was shared. We’re sorry for the error and have updated our system to prevent it from happening again.”
Below you can find the email the company is sending:
Subject line: We recently resolved an error with your weekly summary email
We wanted to let you know about a recent error where a summary e-mail from Facebook Analytics about your app was sent to testers of your app ‘[APP NAME WILL BE DYNAMICALLY INSERTED HERE]’. As you know, we send weekly summary emails to keep you up to date with some of your top-level metrics — these emails go to people you’ve identified as Admins, Analysts and Developers. You can also add Testers to your account, people designated by you to help test your apps when they’re in development.
We mistakenly sent the last weekly email summary to your Testers, in addition to the usual group of Admins, Analysts and Developers who get updates. Testers were only able to see the high-level summary information in the email, and were not able to access any other account information; if they clicked “View Dashboard” they did not have access to any of your Facebook Analytics information.
We apologize for the error and have made updates to prevent this from happening again.
One of the affected developer from this leak said, Not sure why it would send a business metrics to the app users. He said that he had added dozens of people as testers which could only login to the app… not access the information!” They are still waiting for the disclosure from Facebook.
Facebook probably would not disclose the numbers of apps that are impacted by this error. Last year probably they announced 1 million apps, sites and bots were on Facebook Analytics. However, the issue only affected the apps, and just the 3 percent of them.
Well facebook is been working hard to patch the app platform privacy holes since the Cambridge Analytica scandal, where they are removing access to many APIs and strengthening human reviews of apps, issues like today’s make it hard to believe Facebook handles over 2 billion users.