Facebook has announced that as many as 100 software developers might have improperly accessed and stored user data, including the profile pictures and names of group members
In a blog post, they said: “Since April of 2018, we’ve been reviewing the ways that people can use Facebook to share data with outside companies…Before April 2018, group admins could authorize an app for a group, which gave the app developer access to information in the group.”
The flaw in the Groups API gave business a backdoor to access information, allowing individuals and organisations to view and harvest the personal information of group members.
The company has stated that it has now revoked this access, and it plans to reach out to “roughly 100 partners” who may have accessed the information.
“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” Facebook said.
Facebook has been restricting software developers’ access to user data after the now infamous Cambridge Analytica scandal in March 2018.
The British political consultancy firm developed an app to survey Facebook users. However, a flaw in Facebook’s API gave Cambridge Analytica access to the data of 87 million users, which it used to target ads to sway the 2016 presidential election.
Following the scandal, Facebook stated in September that it had suspended tens of thousands of apps for inappropriately sharing user data, making data publicly available without protecting user identities or failing to respond to information requests from the company.
Facebook said: “As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed. We are committed to this work and supporting the people on our platform.”
It is not yet known how many users were affected by this.