Facebook has revealed that it unknowingly gave outside developers access to some private user information.
The social media giant explained that since April 2018, it has removed or restricted a number of its developer application programming interfaces (APIs), including the Groups API, so that an app can only access personal information such as a user’s name and profile picture in connection with group activity if members opt-in. Yet for the past 18 months, some third-party developers who used the company’s Groups API were still able to see that extra information.
“We recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended. We have since removed their access. Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time,” wrote Konstantinos Papamiltiadis, Facebook’s director of platform partnerships.
So far, at least 11 partners — mainly social media management and video streaming apps — have accessed group members’ information in the last 60 days, with Papamiltiadis adding that Facebook has not seen any evidence of abuse. Still, the company will be requesting that partners “delete any member data they may have retained and we will conduct audits to confirm that it has been deleted.”
“We are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time,” he wrote.
Group APIs came under scrutiny during the Cambridge Analytica scandal, when the data of millions of Facebook users was accessed to help Donald Trump get elected U.S. President. In September, a federal judge ruled that a class-action suit against Facebook can proceed. covering users in the United States and the United Kingdom who are seeking damages from the company for allowing third parties such as Cambridge Analytica to access their private data.