The Cambridge Analytica case caused Facebook to revise various permissions for developers. One, which gave access to data from group members, was restricted in April 2018. However, about 100 developers continued to have access to such information as if nothing had happened.
The information was revealed by Facebook itself in its blog for developers. According to the company, a social networking API allowed administrators to authorize third-party applications to access data such as the name and profile photo of group members.
With the restriction, the API started to release only the name of the group, the number of participants and the content of the publications. In order to have access to the participants’ information, the developers need to have the authorization of each one of them.
Despite this, Facebook says that data remained available to about 100 developers after April. The company also states that, out of the total, at least 11 had access to information from group participants in the last 60 days.
Among them are social media management and video streaming applications. According to Facebook, the tools were used by administrators to help participants share videos in groups.
“We recently discovered that some applications maintained access to group members’ information, such as names and profile photos in connection with the group’s activity, in the groups API, for longer than we intended,” said the platform’s partner director. Facebook, Konstantinos Papamiltiadis.
Facebook reports that, after discovering the flaw, it cut off developers’ access to such information. “Although we have not seen evidence of abuse, we will ask you to delete data from members that you may have retained and will conduct audits to confirm that you have been deleted,” continued the executive.
In its statement, Facebook did not say how many groups were affected by the flaw, nor how many users had their data exposed improperly.
With information: Mashable.