Since March, when news broke that the political consulting firm Cambridge Analytica[1] used a Facebook app to amass data on as many as 87 million people without their consent, the social networking giant has been forced to repeatedly answer for how it has given away user data and who it's given that data to. In the immediate wake of the scandal, Facebook rushed to defend itself in a blog post[2], saying that in 2014, it changed an element of its API to prevent apps from collecting data on their users' friends, as the Cambridge Analytica app did. Facebook has since specified that while it announced this change in 2014, apps that already had access to people's friends' data continued to have access until May 2015.
Then, in more than 700 pages[3] of written responses delivered to the House Energy and Commerce Committee late last month, Facebook acknowledged that some apps had this access for up to six months longer, to allow them to "come into compliance" with the new rules. There were dozens of companies on the list, including dating apps like Hinge and music streaming services like Spotify, but one may raise more than a few eyebrows in Washington: the Russian internet giant Mail.ru.
According to Facebook, Mail.ru was given a two-week extension to wind down a feature on two messaging apps that enabled users to see their Facebook friend lists and message with people who also had the Mail.ru apps. During the extension, at least, the app only had access to people's friend lists, not any information about those friends' likes or interests. And yet, long before that extension was in place, Facebook says Mail.ru ran hundreds of apps on the platform, all of which operated under Facebook's