Facebook removes Slide's Top Friends application due to security hole

Updated with a response from Facebook

Slide is one of the largest third-party application developers on leading social network Facebook, and both share an investor in venture firm the Founders Fund. But all that apparently wasn’t enough to stop Facebook from at least temporarily removing one of Slide’s most popular Facebook applications, Top Friends.

Top Friends let you pick and choose who among your many Facebook friends are your favorites, including a box on your profile page that would show a list of everyone you’d listed as a Top Friend. It also included a number of game-like features, like being able to give awards to your favorite friends. It also included a security hole: a way for someone with a little technical knowledge to view information about other Facebook users through the Top Friends application, whether or not they were Facebook friends with them in the first place. For example, there’s a screenshot of Facebook chief operating officer Sheryl Sandberg, above, taken by CNET after the news organization was notified of the security hole by a third-party developer.

Facebook shut down Top Friends last night, shortly after being contacted by CNET about the issue, saying that Slide was breaking the site’s terms of service by allowing anyone who had the Top Friends application installed to access such user data, which included users’ birthdays, gender, and relationship status. Now, presumably, Slide is working hard to restrict what information about other users Top Friends shows you.

As of this morning, Top Friends is still offline. Which means the window for Top Friends’ much smaller rivals, including Auto Top Friends (912 daily active users) and Super Top Friends (1,922 daily active users), is still open.

However, that window is likely about to shut — I expect Facebook to turn Slide’s Top Friends back on shortly.

Update from Facebook:

Providing a trusted environment for our users is a paramount concern for all of us at Facebook; we are continuously focused on safeguarding user information. We have built options and controls into Facebook that are designed to offer our users choice and control, and to provide clear guidelines for developers.

In order to build on Facebook Platform, third-party developers agree to comply with technical and policy guidelines that strictly limit their collection, use and storage of user profile information. Access by applications to user data is strictly controlled – If we learn that an application is in violation of our terms and policies, we take appropriate action to bring it into compliance or remove it entirely.

We have suspended the Top Friends application while we investigate violations of our Terms of Service. We recognize this is a popular application and don’t take this action lightly.

