It didn't do what _Cambridge Analytica_ is accused of doing, but it did do what a lot of people are freaked out Facebook can do; namely provide third parties with detailed user information.
Using this information in 2012 was lauded as a great idea that helped drive Obama to success. _Cambridge Analytica_ did it in a more slezy way that violated Facebook's Terms of Use-- they lied to Facebook in terms of what the data was used for and the fact they were harvesting it to form a database.
Yet Facebook is not painted as a victim here, because now the idea of using your "likes" to target ads is not applauded, its frowned upon. And yes, Obama also did the whole whole "friends who didn't explicitly use the app" thing (which has since been disabled from Facebook's APIs, I think since v2.0 in 4/30/2014):
> The campaign boasted that more than a million people downloaded the app, which, given an average friend-list size of 190, means that as many as 190 million had at least some of their Facebook data vacuumed up by the Obama campaign — without their knowledge or consent.[1]
They failed to disclose the issue (which they knew about for quite some time) and in fact continued to profit form the relationship with CA. I don't seen a reasonable expectation that they should be considered a victim.
I actually agree with you, this could be handled better by them. I'm personally a little confused by the details and timings though; where did you read about them profiting after they knew about the issue?
I'm working under the impression that they were aware of the specific "breach" some months ago, and only terminated their dealings with CA once the matter became public (so cutting off the revenue stream was done CA as a reaction to bad PR, not because of any moral rightness or a reaction to any policy or contract breach).
Oh, I was under the impression that business relation was with some university researcher and finished a while ago. The researcher didn't delete the data, and instead brought it to CA (Facebook didn't deal with CA directly). Facebook found out some time ago but did nothing more than tell them to delete it and trust they would, without really informing anyone or pushing further.
