Sen. Mark Pryor, D-Ark., called on the Federal Trade Commission Wednesday to investigate a security flaw in applications available on Facebook that may have put user data at risk.
In a letter to FTC Chairman Jon Leibowitz, Pryor said his concerns stem from a story Wednesday in the Wall Street Journal that said a security flaw in 100,000 Facebook apps may have inadvertently given some third parties, such as advertisers, access to some information on the social network's users' profiles.
"The article troubles me because many consumers, particularly young consumers, use social networking websites on a regular basis to communicate and exchange messages with friends, often relying upon a sense of control over the information they choose to share," wrote Pryor, chairman of the Commerce Committee's Consumer Protection Subcommittee. He asked the FTC to respond to his request by May 25.
Pryor's concerns were echoed by Reps. Joe Barton, R-Texas, and Ed Markey, D-Mass., both senior members of the House Energy and Commerce Committee. They sent a letter Wednesday to Facebook CEO Mark Zuckerberg with a series of questions about the extent of the security flaw and what his company has done to address the issue. They've asked for a response by June 2.
"While Facebook reportedly now has fixed this particular issue, we remain concerned about how the problem arose in the first place, was allowed to persist undetected for such a long period of time and could recur in some form in the future," the lawmakers, co-chairmen of the House Bipartisan Congressional Privacy Caucus, said in the letter to Zuckerberg. Last fall, they raised similar concerns about third-party access to Facebook user information.
Facebook maintains that it worked with Symantec, which helped identify the problem, to immediately fix the issue after it was revealed and that it does not believe any user data was compromised.
"We've conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties," Facebook spokesman Andrew Noyes said in a statement. "The report also ignores the contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that violates our policies."