Hacker News new | past | comments | ask | show | jobs | submit login

I still don’t understand the breach part. It just seems like Facebook app developers used Facebook exactly as it was set up, and then resold the data.

It is more of misuse than a breach. The data was provided to a guy for academic research, but the guy sold it to a third party. That is where the 'breach happened.

Imagine a clinic has a policy that allows patient data to be released to non-patients but a court decides that the use violates HIPPA. There would be no technical breach of security, but rather a breach of responsibility.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact