Just Don't Play Facebook Games

If you're my friend on Facebook, please don't play games on Facebook. When you do, you authorize Facebook to share your profile information with the game company. This often includes details such as the Facebook user ID, a list of Facebook friends (that's where I come in), likes, photos, groups, checkins, and user preferences like movies, music, books, interests, and other.

Once the game company has your data (and mine) Facebook has no control over what the game company does with it or who it shares it with.

Oh, I'm sure they have policies about what can be done with the data but there really is no way to enforce it.

As an example, the company that operated the "At the Pool" Facebook game, left all their Facebook user profiles, etc, on a publicly accessible Amazon Web Services (AWS) server for anybody to access.

Here's an excerpt from an article on ZDNet on this Facebook data leakage:

[T]he company has lost control over its most important asset - its users' data - which is now leaking left and right from all the no-name companies and mom-and-pop developer firms who've collected it over the past few years.