Face palm time. 100 developers may have retained access to user data since Facebook rule change in April 2018
Facebook has reportedly uncovered a fresh privacy flaw associated with user data in Groups that could be accessed by developers.
Last month for example Facebook agreed to pay the UK data protection watchdog fine of half a million pounds and drop its appeal, over its role in the Cambridge Analytica data sharing scandal.
The admission of a fresh privacy flaw came in a seemingly innocent titled blog post called “Changes to Groups API Access.”
“Since April of 2018, we’ve been reviewing the ways that people can use Facebook to share data with outside companies,” said the blog. “We’ve removed or restricted a number of our developer APIs, such as the Groups API, which provides an interface between Facebook and apps that can integrate with a group.”
“As part of our ongoing review, we recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” said the social network. “We have since removed their access.”
“Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time,” Facebook admitted. “We know at least 11 partners accessed group members’ information in the last 60 days.”
Facebook said that although it has seen no evidence of abuse, it will ask the developers to delete any member data they may have retained.
It said it would conduct audits to confirm that it has been deleted.
In July this year the US Federal Trade Commission approved a record-breaking fine of $5 billion (£4bn) for Facebook’s involvement in the Cambridge Analytica scandal last year.
Cambridge Analytica was the most famous Facebook privacy lapse that saw the alleged misuse of personal data on 87 million people, mostly in the US. Such as the scandal that the political consultancy was forced to shut down soon afterwards.
In March this year Mark Zuckerberg had pledged a ‘privacy-focused’ future for Facebook.