Roughly 100 App Developers Retained Unauthorized Access to Group Members’ Data.
Another day, another data breach at Facebook – If you are a member of any group on Facebook, chances are that your data could have been compromised, as per the recent revelations made by the social networking giant in its latest blog post.
According to Facebook, nearly 100 third-party app developers improperly gained access to various groups and compromised user data, which included profile pictures and user names. The company also revealed that the developers were mainly associated with social media management and video streaming applications. The apps helped group admins in conveniently managing their groups and sharing videos.
As part of our ongoing review, we recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended. We have since removed their access, Facebook said in its blog post on Tuesday.
Admitting the security lapse, Facebook refrained from providing details about the app developers, the extent of information compromised, and the number of users affected by this data breach.
See: Facebook stored 600m user passwords in plain text exposed to 20k employees
The company claims that there is no evidence of abuse but the developers have been notified to delete retained member data immediately. Facebook also plans to conduct an audit to make sure that the data has been deleted.
Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted, the compny said.
The social network identified the data breach after noticing that some applications were accessing user data despite the changes Facebook implemented in its Group API in April 2018. For your information, after the Cambridge Analytica data loss scandal Facebook inspected its software development framework and suspended thousands of applications that it found to be gaining illegal access to user data.
See: Unsecured database leaks phone numbers of 419 million Facebook users
Furthermore, apps that were integrated with groups were restricted to only access standard information including the group’s name, number of members and content posted on the group. The company bragged about successfully limiting developers’ access to user data, a claim that has been nullified now that Facebook itself has admitted that some apps were still accessing group members’ private data.
The company also noted that in the past 60 days, around 11 app developers gained illegal access to users’ data on Facebook.
Safeguarding user data is a domain that Facebook has always struggled in conquering. The infamous Cambridge Analytica scandal and other leaks considerably tarnished its image among users across the globe. It is about time the company takes some productive steps to ensure that user data doesn’t get compromised.
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.