For the last 18 months some of Facebook’s developers have had access to private user information contained within some of the social media site’s groups.
The information was accessible through the Facebook Group’s API which allowed those developing apps for a group to see information such as names and profile pictures in connection with group activity, said Facebook’s Konstantinos Papamiltiadis. This breach happened even though Facebook took steps in April 2018 to limit developer access requiring group members to opt-in to having their information disclosed.
Prior to that time, group admins could authorize an app for a group, which gave the app’s developer access to certain information about the group without any member approval.
A recent review by Facebook disclosed some 100 partners retained access to the now barred group data asking them to delete any information that may have been viewed.
“We know at least 11 partners accessed group members’ information in the last 60 days. Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” Facebook said.
This is just the latest Facebook issue regarding data being exposed this year.