Facebook accidentally shared users’ confidential data with around 5,000 app developers even after the expiry of their access period.
After the Cambridge Analytica scandal in 2018, Facebook announced a change to the way app developers would be able to access Facebook user data.
At the time, Facebook added a new mechanism to its API that prevented apps from accessing a user’s data if the user had not used the app for more than 90 days.
Facebook recently discovered that this safety mechanism failed to activate and allowed some apps to continue accessing user information even past the 90-day cutoff date. The issue was fixed as soon as it came to be known.
“From the last several months of data we have available, we currently estimate this issue enabled approximately 5,000 developers to continue receiving [user] information,” Papamiltiadis said.
The company didn't explain how many users were affected and had their data made available to app developers even after they stopped using the app.
“For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognise that some of their friends had been inactive for many months,” said Facebook in a statement.
“We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook,” said the company.
Papamiltiadis said that they are introducing new Platform Terms and Developer Policies to ensure businesses and developers clearly understand their responsibility to protect data and respect people’s privacy while using.
The terms now restrict the information developers can share with third-parties without detailed consent from users, strengthen data security requirements, and clarify when developers must delete data.