Don’t Be the Next Cambridge Analytica – Dangers of Social Media APIs

Remember The Great Hack, the mind-blowing Netflix documentary released in 2019 that exposed the Cambridge Analytica scandal? The data leak from Cambridge Analytica was one of the most prominent data breaches ever, and an exemplary illustration of an enterprise’s worst nightmare. Cambridge Analytica retrieved the personal data of 87 million Facebook users (and their friends’ data) through an app called “This Is Your Digital Life” (released in 2013), which prompted users to answer questions for a psychological profile. This psychological profile data was later used as a manipulation tool to target audiences during the 2016 presidential election. As a result, the data breach quickly established an expiry date for the tech giant.

Missing the wire that triggered the fire.

In hindsight, we now know the lingering damage this incident caused. What we fail to acknowledge is that it began with a new Facebook API (Application Programming Interface), “Open Graph,” released in 2010. This new API allowed external developers to connect to Facebook users and request permission to access a large chunk of their personal data, as well as their Facebook friends’ private data. Access to a user’s name, gender, location, birthday, education, political preferences, relationship status, religious views, online chat status, and more was fair game.

To businesses in the marketing industry, or any industry for that matter, information is a gold mine for the financial bottom line. “Open Graph” and similar APIs opened the door to deep-diving into an audience’s everyday life patterns, grooming them to be more susceptible to buying the business’s products. Although APIs sound like the burning coal needed in a business’s locomotive, if the temperature is not monitored correctly, the consequences can blow up the enterprise entirely.

APIs, businesses, and the risks in between.

If APIs can cause so much collateral damage, why do businesses use them? Here’s why: OptinMonster reported that global e-commerce is predicted to hit 4 trillion by the end of this year (factor in the effect that COVID-19 has had on brick-and-mortar retailers, and it’s hard to imagine it won’t surpass that). The U.S. alone is expected to have 300 million online shoppers by 2023, which is 91% of the entire country’s population. Social media platforms, like Facebook and Instagram, use ad targeting to track every user’s buying patterns and engagement behaviours. Therefore, businesses need social connections with their consumers.

Stepping into the API arena is no simple walk in the park; it is better compared to a fight-or-die “Hunger Games” scenario.

Here are three of the most significant inherited risks that result from using APIs in your business.

1. Hacked Accounts

A University of Phoenix survey revealed that nearly two in three U.S. adults who have personal social media profiles were aware that their accounts were being hacked. Furthermore, 86% agreed that they limit the personal information they post for fear of it being accessed by hackers. There is no security difference between personal and business accounts on social media platforms, only capability differences. Therefore, companies must be more diligent with their social media accounts, since their identities falling into the wrong hands will produce more significant damage.

2. Phishing & Brand Impersonation

Beyond hacking to retrieve personal data, phishing and brand impersonation can be just as harmful. With public relations and business reputation always hanging in the balance, no corporation wants its social media account taken over by hackers.

Businesses should follow these protocols to prevent this from happening:

  • Change passwords every 30-60 days and after every employee change.
  • Monitor and keep to a minimum the number of users with access to their account login information.
  • Keep any API technology up to date by hiring an experienced developer to keep track of the third party’s software changes.

3. Use Entrusted Data Appropriately

“To whom much is given, much is required” is the trailblazer of all guidance, especially for businesses that gather millions of users’ data. When users connect their data through a request from your established APIs, treat that level of trust with the utmost security measures, and not just for the financial bottom line. Use the data only for the tasks the API request stated and be transparent about its intentions.

The cautious acceptance.

Using social media APIs has advantages and disadvantages. Although the benefits may outweigh the risks when looking objectively at the financial gain, the data accessed possesses a greater possibility of harming the entire business. Don’t be the next Cambridge Analytica. Instead, be smart and diligent, with high integrity stitched into every decision.