The gap that Hyp3r exploited allowed her to concentrate on the exact locations of millions of public posts. It also violated the terms of service by publicly storing stories and collecting data from public profiles (bio and followers).
Although the company did not collect any personal information, it was able to create detailed user profiles without their permission. He also used this data to present a personalized one advertisements users.
Facebook strictly prohibits the use of "automated media" for data collection without its consent and does not share story data through the official development framework.
Business Insider claims that in the wake of the Cambridge Analytica scandal, Hyp3r has seemingly accepted restrictions on location tools and other features.
However, he secretly created a system that could bypass Facebook's restrictions and track Instagram's location information.
While Facebook has promised to provide more protection privacy after the Cambridge Analytica disaster, this new incident highlights the company's weaknesses on this issue. What's worse is that Hyp3r was part of Facebook's list of trusted marketing partners.
In his defense, Hyp3r Managing Director Carlos Garcia says the company's marketing system was "in line with consumer privacy regulations and social networking terms".
He also claims that Hyp3r has never gotten any private content, but it's hard to believe those claims, given that the company had access to stories after the 24 hours period that was visible to user profiles.
Meanwhile, a Facebook spokesman said Hyp3r's actions were unauthorized and "violate our policies".