Remember the mind-blowing Netflix documentary, The Great Hack (released in 2019) which exposed the Cambridge Analytica scandal? The data leak from Cambridge Analytica was one of the most prominent data breaches ever. This infamous scandal was an exemplary illustration of an enterprise’s worst nightmare. Cambridge Analytica retrieved the personal data of 87 million Facebook users (and their friend’s data) through an App called, “This Is Your Digital Life” (released in 2013) which prompted users to answer questions for a psychological profile. This psychological profiled data was later used as a manipulation tool to target audiences during the 2016
In hindsight, we now know the lingering damage that was the outcome of this incident—what we fail to acknowledge is that it began with a new Facebook API (Application Programming Interface) “Open Graph,” released in 2010. This new API allowed external developers to connect to Facebook users and request permission to access a large chunk of their personal data, as well as access their Facebook friends’ private data too. Access to a user’s name, gender, location, birthday, education, political preferences, relationship status, religious views, online chat status, and more was fair game.
To businesses in the marketing industry or any industry for that matter—information is a gold mine for its financial bottom-line. The “Open Graph” and other APIs alike, opened the door for deep-diving into their audience’s everyday life patterns—grooming them to be more susceptible to buy their products. Although APIs sound like the burning coal needed in a business’s locomotive, if the temperature is not monitored correctly, the consequences can blow up the enterprise entirely.
If APIs can cause so much collateral damage, why do businesses use it? Here’s why—OptinMonster reported that global e-commerce is predicted to hit 4 trillion by the end of this year (factor in the effect that COVID-19 has had on brick and mortar retailers—it’s hard to imagine it won’t surpass that). The U.S. alone, is expected to have 300 million online shoppers by 2023—that’s 91% of the entire country’s population. Social media platforms, like Facebook and Instagram, use ad targeting to track every user’s buying patterns and engagement behaviours. Therefore, businesses need social connections with their consumers.
Stepping into the API arena is not a simple walk in a park, but better compared to a fight or die “Hunger Games” scenario.
The University of Phoenix did a survey revealing that nearly two in three U.S. adults, who have personal social media profiles, were aware that their accounts were being hacked. Furthermore, 86% agreed that these adults limited the personal information they post due to the fear of it being accessed by hackers. There isn’t a security difference between personal and business accounts on social media platforms, but rather only capability differences. Therefore, companies must be more diligent with their social media accounts as their identities getting in the wrong hands will reproduce more significant damage.
Other than hacking to retrieve personal data, phishing and brand impersonation can be just as harmful. With public relations and business reputation always hanging in the balance—no corporation wants their social media account taken over by hackers.
“To whom much is given, much is required,” is the trailblazer of all guidance, especially for businesses that gather millions of user’s data. When users connect their data through a request from your established APIs, treat that level of trust with the utmost security measures—not just for the financial bottom-line. Use the data only for the tasks the API request stated and be transparent about its intentions.
Using Social Media APIs have advantages and disadvantages—although the benefits may outweigh the risks when looking objectively at the financial gain. The data accessed possess a greater possibility of harming the entire business. Don’t be the next Cambridge Analytica. Instead, be smart and diligent—with high integrity stitched into every decision.