Major Facebook apps have been leaking user IDs, including FarmVille

Facebook cannot seem to get its act together. Fresh off a string of controversies about protecting the information users wish to keep private, the world’s largest social network has admitted that many of its largest games and applications have been leaking user IDs to advertising networks. In fact, the 10 most widely used games and apps on Facebook are transmitting these UIDs, says the Wall Street Journal. Three of the top 10 apps, including Zynga Game Network Inc.’s FarmVille (59 million users) also transmit personal information about a users friends to other companies.


The user ID is the number associated with every user on the site. Before Facebook allowed customized URLs for profile pages, it was easy for anyone to find this number. The user ID is not a private part of a person’s Facebook profile. Knowing someone’s UID will only grant access to the information that user has set to share with “everyone,” which is usually very basic pieces of data like pictures, hometown, age, job, musical preferences, etc. However, when given in bulk, these numbers can provide a database of track-able information to advertisers.

Facebook’s Mike Vernal publicly responded to the controversy on the company’s developer blog, claiming that many publishers have, in fact, violated its privacy policy by sharing UIDs with ad networks, but added that most companies “did not intend to pass this information, but did so because of the technical details of how browsers work.”

This is not the first UID leak problem the company has faced. In May, the WSJ discovered that Facebook itself was sharing UIDs with advertising networks through its ad sales. Much like today, Facebook admitted the problem and claimed it did not intend to share the user IDs. The company says that the current problem is more challenging.

Still, there are 550,000 third party apps on Facebook and 70 percent of the companies 500 million users utilize at least one app each month. Holding all-hands security meetings is nice, but Facebook must prove it is capable of honoring and enforcing its own privacy policy.