Facebook "mistakenly" gave its users' data again to third parties, even though the social media platform assured users they wouldn't.
The social media platform also set new rules after the Cambridge Analytica scandal in 2018. It banned developers from collecting data from people who have not used the social network for more than 90 days.
Minimal privacy mishap?
In a blog post, Facebook has said that thousands of developers already get updates on non-public information from users well beyond their expectations. Specifically, Facebook said it did not cut the data spigot--as agreed in 2018--90 days after anyone had previously used an app for an undisclosed number of users.
Facebook's blog post offers an insight into the privacy mishap--although minimal. The company notes that it could have e-mails, birthdays, language and gender in the consumer details in question and sent it to about 5,000 inactive users beyond the 90 days.
The issue refers to applications from around 5,000 developers, but the company did not say the number of users. A Facebook developer pointed out the flaw two weeks ago, Bloomberg reported. Facebook said it had no reason to suspect that any of the data had been misused.
"[Recently], we discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn't used the app in the last 90 days," Facebook wrote.
"For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn't [know] that some of their friends had been inactive for months," it added.
The problem was fixed as soon as it was found, reported Facebook. Besides what the user had approved when the Facebook account was still active, there was no more information exchanged.
Not the first time
It is not the first time that third-party developers have had inappropriate access to user data on Facebook. At the end of 2019, Facebook's vice president of platform partnerships again wrote a blog post describing the painstakingly familiar scenario.
"[We] recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended," wrote Facebook at the time. "We know at least 11 partners accessed group members' information in the last 60 days."
Facebook was obliged in 2018 to uncompromisingly clarify why certain third-party firms had alarming access amounts to the data of the users on Facebook. They then assured everyone that the company was working on it as they assured everybody today.
"We've taken [several] steps this year to limit developers' access to people's Facebook information. As part of that ongoing effort, we're reviewing all our APIs and the partners who can access them," Facebook wrote.