Facebook's director of platform partnerships, Konstantinos Papamiltiadis, shared some news on the company developer blog. Around 100 developers may have had access to Facebook user data because of faulty permission revocation. That Facebook is releasing this information quietly comes as no surprise, since the company is under scrutiny for a great many breaches and bad business practices.
Blogging Me Softly
Mashable reported that Facebooks platform partnership director had some sensitive news that he posted on the company's developers blog. Of the "roughly 100 partners" who had retained data access through the Groups API over the last 18 months, "at least 11 partners accessed group members' information in the last 60 days". Papamiltiadis went on to say: "Before April 2018, group admins could authorize an app for a group, which gave the app developer access to information in the group. But as part of the changes to the Groups API after April 2018, if an admin authorized this access, that app would only get information, such as the group’s name, the number of users, and the content of posts. For an app to access additional information such as name and profile picture in connection with group activity, group members had to opt-in."
April 2018 is a time when Facebook was in the wake of the Cambridge Analytica scandal, having made changes in March of 2018 as part of a pledge to clean up its policies and practices around user data and who has access to it. In September 2019, Facebook even suspended "tens of thousands" of apps from the platform for undisclosed reasons.
Facebook says it has asked developers concerned to delete any information they have retained. They also plan audits to ensure that the developers in question actually do as they are told. The blog post was quite ambiguous, not specifying which groups were affected, how many users' data was accessed, how many times or which developers were involved.
Facebook assures users and, at the very least, developers, that there "is no evidence of abuse" of the data. However, given the news, one wonders what they have missed regarding this breach.