Wasn't this already known though? There was an undiscovered bug that allowed organizations access greater than they were supposed to have, I feel like it's beating a dead horse by this point.
1. It wasn't a bug, it was a feature. The API explicitly allowed apps access to friends' information. They weren't exploiting the API.
2. The article describes the Cambridge Analytica database in particular being available "to verified researchers" but someone threw credentials onto GitHub where anyone could have borrowed them
I feel like this issue, and others like it, cannot be thrown in people's faces enough. People need to get angry to affect change.
If we want our industry to take privacy seriously, we need people to take a principled stand. Making them aware of, and outraged over, flagrant violations of your privacy, and trust, is the easiest way to do that.
The battle is lost. People by and large have decided that it is worth sacrificing most of their privacy to use "free" services like Facebook and google. The only relief at this point is regulatory.
Privacy? What privacy? It most jurisdictions in this country I can search property records, obtain the names of those owning if not in residence, property values, when purchased and so on. Then I can cross reference other government databases and eventually onto private setups like the one in the article.
people and washington are bemoaning what happens at Google, Facebook, and the like, yet totally ignoring all the information readily available to the public for anyone to take from government itself.
Example, if you know a street address or owner's name in Cobb County Georgia will allow you to search. The amount of information available there is and the type is far more dangerous than what was discovered via a facebook quiz.
2. The article describes the Cambridge Analytica database in particular being available "to verified researchers" but someone threw credentials onto GitHub where anyone could have borrowed them