Facebook has disclosed another privacy breach which involves around 100 developers. Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships stated in a blog post that the names and profile pictures of users connected to Groups and the system’s API were accessible.
Before April 2018, group administrators were able to authorize an app for a group they managed, allowing the application developer to access this information.
From April, the information access was restricted to just the group’s name, the number of users, and post content unless the users chose to share their name and profile picture. But despite of this restriction, some apps retained access to this additional data until recently.
Papamiltiadis said that as part of their ongoing review, they found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API. They have then removed their access.
Around 100 developers may have accessed this information and the company is now reaching out to developers. Even though there is no evidence of misuse, Facebook will ask them to delete any group member data the developers may have collected. Audits will be conducted to make sure developers comply.
The apps involved were related to social media management and video streaming software. Facebook did not disclose the total number of users affected by the leak.
It was in July this year that Facebook accepted a 20-year-long agreement with the US Federal Trade Commission (FTC) worth $5 billion over the Cambridge Analytica scam to enforce new guidelines for how the social media handles its users’ privacy and their data.