A wall of user photos form a Facebook logo at the company's data center in Lulea, Sweden.
Enlarge / A wall of person pictures kind a Facebook emblem on the company’s data heart in Lulea, Sweden.


More than a yr after the Cambridge Analytica scandal got here to mild, Facebook is as soon as once more admitting that some builders have accessed person data that they need to not have.

Facebook stated in a developer submit yesterday that it could be altering builders’ entry to numerous APIs, together with Groups, after “roughly 100 partners” had been discovered to have additional entry. “We recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” the company stated.

At least 11 builders accessed group members’ info within the final two months, Facebook added. “Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted.”

The company didn’t identify any of the apps, but it surely stated they had been largely social media administration or video streaming apps “designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups.”

Here we go once more

Facebook made vital adjustments to its numerous APIs in 2018 after it burped up data on 87 million folks to Cambridge Analytica. Cambridge not solely accessed a broad swath of data from customers who by no means even interacted with its app but additionally retained all the info for years after promising it could be deleted.

Facebook in the end paid $5 billion in a settlement with the Federal Trade Commission relating to the scandal and agreed to make vital adjustments to how “partners” entry data on the platform.

The 2018 adjustments nonetheless allowed group admins to allow an app for a gaggle, Facebook stated, however restricted the data these apps might gather to info such because the group’s identify, the variety of members it has, and “the content of posts.” Users would theoretically have to choose in to having different info, similar to their names and profile footage, pulled in. Given yesterday’s replace, nonetheless, plainly did not totally take.

In September, Facebook additionally suspended “tens of thousands” of apps from about 400 builders after they had been discovered to be acquiring data inappropriately, failing to anonymize data, putting in malware, or in any other case breaking the company’s phrases of service.

No Comments
Comments to: Facebook Groups API flaw exposed data to 100 developers, company says