“Some apps retained access to group member information for longer than we intended…”
Facebook says privacy-enhancing measures made to the Facebook Groups API in April 2018 didn’t work effectively, with group member data wrongly disclosed to third-party apps as a result, in yet another data breach by the social media company.
That should have ended early last year, after the company tweaked the Facebook Groups API.
Prior to the April 2018 changes, group admins could authorise a third-party app to plug in to a group, giving the app developer access to information in the group.
After last year’s changes, even with a Facebook group admin’s approval, the third-party application would only get the group’s name, number of users, and the content of posts; group members had to opt-in for the application to get their details too.
But a number of apps have still been accessing personal data in recent weeks, the company admitted, saying it saw “no evidence of abuse”.