Facebook — which is still wiping fresh egg off its face after admitting that its applications had been "accidentally leaking" user information for years — has a bigger PR headache to deal with.
The social network said on Thursday that it had hired a public relations agency to launch a smear campaign against Google's "Social Circle."
The admission came after several reports that Facebook was behind the campaign to plant stories alleging that Google's new social feature violated user privacy and may have broken federal regulations.
"Now that Facebook has come forward, we can confirm that we undertook an assignment for that client," the PR firm, Burson-Marsteller, wrote in a statement to USA Today. "The client requested that its name be withheld on the grounds that it was merely asking to bring publicly available information to light and such information could then be independently and easily replicated by any media.
"Any information brought to media attention raised fair questions, was in the public domain, and was in any event for the media to verify through independent sources," the statement continued. "Whatever the rationale, this was not at all standard operating procedure and is against our policies, and the assignment on those terms should have been declined."
The news that Facebook was behind the attack on Google comes a day after Symantec, the security software manufacturer, said it recently discovered that Facebook applications have been "accidentally leaking" user information to third parties for years.
"Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information," Symantec's Nishan Doshi wrote in a post on the company's blog. "Fortunately, these third-parties may not have realized their ability to access this information."
Symantec said it reported this issue to Facebook, which took "corrective action" — but not before "hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties," according to the security developer. "We estimate that as of April 2011, close to 100,000 applications were enabling this leakage." Symantec said the Facebook app leaks date bate to 2007.
On Wednesday, Facebook moved quickly to diffuse Symantec's report, noting that it had "a few inaccuracies."
"We have conducted a thorough investigation," Facebook spokeswoman Malorie Lucich said in a statement, "which revealed no evidence of this issue resulting in a user's private information being shared with unauthorized third parties."
Facebook added that the Symantec report ignores the social network's agreements with third-party developers, "which prohibit them from obtaining or sharing user information.”
Of course, this isn't the first time Facebook has faced down questions about data security and privacy concerns.
Last year, the company said it would simplify privacy settings in the wake of mounting criticism over its complicated terms of service. In May 2010, Facebook founder Mark Zuckerberg was forced to call an emergency meeting to discuss a policy that made data public by default unless users opted out.
“Sometimes we move too fast,” Zuckerberg wrote in a Facebook post outlining changes to the policy. “And after listening to recent concerns, we're responding.”
