Facebook has admitted it allowed other big tech companies to read users’ private messages, but denies it did so without consent.
The response came in a blog post by the firm Wednesday after a New York Times investigation found that Facebook gave companies including Netflix, Spotify and the Royal Bank of Canada the ability to read, write and delete users’ private messages. The report on Tuesday also said it permitted Microsoft’s Bing search engine to view the names of nearly all of a Facebook user’s friends without consent.
Facebook said it enabled partner companies like Spotify to access users’ private messages after a user had signed into Facebook through the partner company’s app.
“Did partners get access to messages? Yes. But people had to explicitly sign in to Facebook first to use a partner’s messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature.”
Both Spotify and Netflix, however, told The Times they were unaware they had this kind of broad access. Facebook told The Times it found no evidence of abuse.
“Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook or ask for the ability to do so,” a spokeswoman for Netflix said.
Spotify said it cannot read users’ private Facebook inbox messages across any of its current integrations.
“Previously, when users shared music from Spotify, they could add on text that was visible to Spotify. This has since been discontinued. We have no evidence that Spotify ever accessed users’ private Facebook messages,” a spokesperson for the company said.
As for other companies, a Microsoft spokesperson told CNBC in a statement:
“Throughout our engagement with Facebook, we respected all user preferences.”
RBC said its use of the Facebook platform was limited to the development of a service that enabled clients to facilitate payment transactions to their Facebook friends, which it decommissioned in 2015.
Amazon said in a statement:
This is not Facebook’s first privacy scandal this year. It is still struggling with the fallout from the Cambridge Analytica scandal in March and fighting regulatory fines. It has disclosed multiple breaches over the past few months, including a significant hack affecting up to 50 million users disclosed in September.