For the last
18 months some of Facebook’s developers have had access to private user information
contained within some of the social media site’s groups.
The information
was accessible through the Facebook Group’s API which allowed those developing
apps for a group to see information such as names and profile pictures in
connection with group activity, said Facebook’s Konstantinos
Papamiltiadis. This breach happened even though Facebook took steps in
April 2018 to limit developer access requiring group members to opt-in to
having their information disclosed.
Prior to
that time, group admins could authorize an app for a group, which gave the app’s
developer access to certain information about the group without any member approval.
A recent
review by Facebook disclosed some 100 partners retained access to the now
barred group data asking them to delete any information that may have been
viewed.
“We know at
least 11 partners accessed group members’ information in the last 60 days.
Although we’ve seen no evidence of abuse, we will ask them to delete any member
data they may have retained and we will conduct audits to confirm that it has
been deleted,” Facebook said.
This is just
the latest Facebook issue regarding data being exposed this year.
Gloss