Facebook’s Instagram Ad Partner Hyp3r Secretly Collected and Stored Users Data
Originally published on:
Read the original article
August 08, 2019
A marketing startup, Hyp3r has received a cease and desist letter from Facebook-owned Instagram. The reason for it is a firm’s alleged secrecy in saving millions of Instagram users’ stories and other data.
A trusted marketing partner of Instagram and Facebook, Hyp3r has been secretly gathering and storing location as well as other data of millions of subscribers, in contrary to the regulations of the social platforms. It has been revealed in the Business Insider report.
It is difficult to investigate how it managed to do this for years without involvement by the platforms that were either complicit or ignorant.
Immediately after BI informed Instagram, the firm acknowledged that Hyp3r (termed HYP3R) had abused its laws and regulations and has now been eliminated from the system. In a statement, Facebook’s spokesperson confirmed the information provided in the report, purporting that:
“HYP3R’s actions were not sanctioned and violate our policies. As a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.”
Secretive Tools Used by Hyp3r
The report unearths that Hyp3r designed tools enabled it to gather public Instagram data, plus subscribers’ posts, locations they visited and profile details. The data could then be utilized by Hyp3r’s clients to reach out to individuals with ads. Hyp3r’s collected and stored, among other information, data from Instagram Stories which get lost after 24 hours and aren’t accessible via software Instagram avails to the third parties.
Hyp3r was breaching an Instagram feature that enabled any person to view information on public location pages, even if they were logged out of Instagram at the moment. Instagram intentionally did this to display details on the service and ensure that it appeared in Google search results. As a result, Instagram is shutting down permission to these location pages unless the subscriber logged into the platform.
In response, the Hyp3r team insisted that they didn’t abuse Instagram’s policies:
“Hyp3r is and has always been, a company that enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network Terms of Services. We do not view any content or information that cannot be accessed publicly by everyone online.”
High Level of Secrecy by Hyp3r
It’s still disturbing how Hyp3r could operate as a successful member of Facebook’s list of recommended firms and concurrently feature in such glaring violation of its rules and regulations. If these partners get even cursory reviews of their methods and products, wouldn’t it have been familiar to any knowledgeable auditor that there was the absence of trusted sources for the location, including other data that Hyp3r was gathering? Wouldn’t it have been common that it was participating in Automated Data Collection, which is strongly illegalized without Facebook’s authority?
This incident occurs after Facebook’s Cambridge Analytical scandal, which happened in 2018. The information leaked after a political consulting company accessed the data of over 87 million Facebook subscribers illegally, hence igniting a wave of negative publicity linked to how Facebook gathers, stores and protects information regarding users.