As of last Friday, Facebook will no longer display audience reach estimates to advertisers when using Custom Audience targeting in their campaigns.
As stated by Marketing Land, a team of researchers from Northeastern University recently reached out to Facebook to alert them about a potential vulnerability in the reach estimates feature in Custom Audiences. This finding comes from the same team that discovered a Facebook bug back in May of 2017 that posed another threat to user’s security and privacy.
Back in May 2017, the research team notified Facebook that their targeting tool made it possible for advertisers to gain access to individuals’ phone numbers through their email addresses. Wired revealed that this bug also made it possible to obtain user’s phone numbers after they visited a particular webpage. It was a clear breach of privacy, and as a result, Facebook fixed the issue back in December 2017. However, they are now facing new issues related to Custom Audiences’.
By using Facebook’s reach estimates, advertisers will typically get insights about their audience to help inform their campaign. For example, if they upload a list of 7000 individuals’ email addresses, they might be able to see that 4000 of these email addresses belong to females, and the other 3000 belong to males. This sort of information is harmless to Facebook users, however, the vulnerability that Northeastern University’s researchers found presents a potential threat to their privacy and personal details.
Fundamentally, the vulnerability makes it possible to collect a particular user’s personal information that Facebook would only usually reveal as an aggregate, not individually. From here, one could use this information to create detailed user profiles, which goes against Facebook’s commitment to peoples’ security and privacy.
Marketing Land reported that the team who made this discovery informed Facebook about the issue last week using their “bug bounty program”. They are also being rewarded for their research via this program.
Mary Ku, a director of product management at Facebook, asserted the following: “We’re grateful to the researchers who found this issue, and we’ve suspended this feature to fix it. People’s privacy and security is incredibly important to Facebook, which is why we take any potential abuse of our service very seriously…”
Subsequently, the team of researchers who uncovered this vulnerability is continuing to research Facebook’s advertising features to detect any other issues that would make user’s data susceptible to privacy infringement.
Facebook has expressed that they are investigating the problem, but they do not believe that their ad-targeting tool has been abused to access user’s personal information.
For the time being, Facebook has suspended audience reach estimates in campaigns using Custom Audience targeting until they have corrected the problem. Advertisers can expect to be made ware of the change on Friday, March 30th 2017.
Source: Marketing Land