MySpace, apps found sharing UIDs despite promises
Ads still sending data to external agencies after pledge to discontinue practice
Social networking site MySpace has been found to be transmitting user data to external advertising companies despite having promised to discontinue the practice in May.
The WSJ, which is also owned by MySpace parent company News Corp, was behind an investigation revealing that MySpace was sending user ID numbers to advertisers when an ad was clicked.
These UIDs can then be used to view a user's profile, potentially revealing their name, age and location. At the time of the investigation, MySpace had promised to cease the sending of personal data to outside companies.
As well as MySpace itself, several apps on the site were found to still be using the practice including TagMe, Green Spot and RockYou Pets - which the Wall Street Journal reports as having 8.3, 1.6 and 6.1 million users respectively.
Whilst MySpace offered no comment as to its own sharing of UIDs, it did make clear that its policy forbids any apps from doing so.
"It has recently come to our attention that several third-party app developers may have violated these terms and we are taking appropriate action against those developers," read a satatement from the company.
Companies receiving the data included Google Inc., Quantcast Corp. and Rubicon Project, but all denied using the UIDs for any purpose. Some of the companies involved allegedly had no knowledge that the data was even passing through their systems.
RockYou have issued a statement clarifying the issue and pointing out that a third party company which worked with RockYou had been harvesting the data and passing it on externally.
"We have taken immediate action to indefinitely suspend their services in connection with RockYou and we are reviewing all third-party providers to ensure compliance with our platform partners' terms of service," said a RockYou representative.
The WSJ also exposed several Facebook apps, including Farmville, as using the same practice earlier this month, which resulted in several apps being removed from the service until the leaks had been rectified.
TagMe creators BitRhymes fell foul of a third party involved in the Facebook scandal, unknowingly transmitting user data to RapLeaf, a data gathering company named in many of the Facebook leaks. BitRhymes has since ceased trading with RapLeaf.
"(BitRhymes) has a strict policy of not passing personally identifiable information to any third parties," a representative told the WSJ. "When we were informed of the issue, any suspect relationship was immediately dissolved."