Facebook reveals another privacy breach, this time involving developers

Roughly 100 app developers may have been able to access data they shouldn’t have.
Written by Charlie Osborne, Contributing Writer

Facebook has quietly revealed another privacy breach involving approximately 100 developers. 

On Tuesday, Konstantinos Papamiltiadis, Facebook's Director of Platform Partnerships said in a blog post that the names and profile pictures of users connected to Groups and the system's API were accessible.

Before April 2018, group administrators could authorize an app for a group they managed, giving the application developer access to this information. 

Despite restricting information access to just the group's name, the number of users, and post content — unless users opted-in to share their name and profile picture — in April last year, Facebook says that some apps retained access to this additional data until recently. 

See also: Facebook promises action on 2020 US election fraud, wipes out fake networks from Russia, Iran

"As part of our ongoing review, we recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended," Papamiltiadis said. "We have since removed their access."

In total, roughly 100 developers may have accessed this information. The tech giant knows of at least 11 developers that have accessed data they should not have been able to tap into within the last 60 days. 

The social media giant is now reaching out to developers. Papamiltiadis says that there is "no evidence" of abuse, but Facebook will be asking them to delete any group member data the developers may have harvested. Audits will also take place to make sure developers comply. 

CNET: DMV data breach gave seven government entities improper access to data

Facebook says that the apps involved were "primarily" related to social media management and video streaming software. 

"We aim to maintain a high standard of security on our platform and to treat our developers fairly," the executive added. "As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed." 

In July this year, Facebook settled with the US Federal Trade Commission (FTC) in an agreement worth $5 billion to lay to rest allegations of user privacy failures in the wake of Cambridge Analytica. 

TechRepublic: How boot camps may fill the need for more white hats in the US

As part of the deal, Facebook agreed to conduct a privacy review of every product, service, and practice before implementation, and compliance officers had to be appointed to ensure the social network is meeting the FTC's standards. 

In related news, back in October, Facebook wiped out fake networks originating from Russia and Iran designed to spread political content through fraudulent accounts and pages. 

Facebook has also promised to tackle the threat of 2020 US election fraud on its network. 

Facebook's worst privacy scandals and data disasters

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards