Users on Facebook can now earn a reward when they identify and report malicious platform app collecting data and another person abusing it.
Facebook is calling it the Data Abuse Bounty.
“We want to protect out users’ data from malicious abuse of trust,” the company wrote in a blog post. “This means protecting it via finding and fixing security vulnerabilities, but also from third party companies or apps buying or collecting their data through other means barred by our terms. This program is to encourage and reward people for helping Facebook identify and stop anyone involved in this practice.”
On Monday, Facebook revealed that about 271,469 data belonging to Nigerians on Facebook, whose friends would have installed the ‘This is Your Digital Life’ app, were exposed to the Cambridge Analytica data breach. Meanwhile, 78 Facebook users in Nigeria installed the app on their phone.
In a statement BusinessDay received, Facebook said the disclosure is to encourage people to manage the apps they use.
“We already show people what apps their accounts are connected to and control what data they have permitted those apps to use through app settings,” a spokesperson for Facebook said. “We are putting a link at the top of people’s News Feeds to make sure that everyone sees it. Furthermore, it is important for us to tell people if and how their data may have been accessed via This is Your Digital Life.”
Last week, the company had revealed that the data of about 87 million users on its platform were harvested without authorisation by Cambridge Analytica (CA). Users in the United States accounted for over 70 million (about 97 percent) of the data breach while 16 million of the total number of users affected came from countries outside the United States. The countries listed were Philippines, UK, Indonesia, United Kingdom, Mexico, Canada, India, Brazil, Vietnam and Australia.
The new press release from Facebook does not say whether Nigeria is part of the remaining 16 million users outside the United States or that more than 87 million would have been affected.
The company however said it is taking numerous measures.
“One of those being that everyone globally on their Facebook page will see an alert leading them to the apps setting where they can review the apps they have allowed to access their data. Additionally, those potentially impacted by CA will also see the alert which will then take them to see what data might have been shared,” Facebook noted.
Nigerians, who want to find out whether their data were shared by with Cambridge Analytica, can look out for a link named ‘protecting your information’ link at the top of their news feed. Following that link, users will be directed to a section where they can see which apps and websites they have used Facebook to log into, and remove any they no longer want connected to their account.
Above the link, users who may have been affected by the data scandal will see the message: “We have banned the website ‘This is Your Digital Life,’ which one of your friends used Facebook to log into. We did this because the website may have misused some of your Facebook information by sharing it with a company called Cambridge Analytica.”
In addition, Facebook has committed to inform ever user on the platform from 5pm on Monday, whether they are among the 87 million potential users whose data was shared with Cambridge Analytica.
The company also suspended a data analytics firm called Cubeyou ahead of an investigation. Facebook plans to look into whether Cubeyou collected data for academic purposes and then used it commercially, following a partnership with Cambridge University in the UK.
“We will review all legitimate reports and respond as quickly as possible when we identify a credible threat to people’s information,” Collin Greene, head of Product Security, Facebook. “If we confirm data abuse, we will shut down the offending app and take legal action against the company selling or buying the data, if necessary. We will pay the person who reported the issue, and we will also alert those we believe to be affected.”
The company also said it will reward people with first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence.
“Just like the bug bounty program, Facebook will reward based on the impact of each report. While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to Facebook’s attention,” Greene said.