Facebook has discovered a new privacy breach in its Facebook Groups API that inadvertently gave around 100 app developers access to private user information
Social media giant Facebook has been in the news a lot lately for security breaches and misuse of the personal data of its users. The firm was fined $5bn US by the United States Federal Trade Commission for its mishandling of user data in the Cambridge Analytica scandal and other privacy breaches, and most recently agreed to pay the £500,000 UK fine for the Cambridge Analytica breach.
Today Facebook disclosed that it's discovered another potentially serious data breach, this time with the Facebook Groups developer API. Admins of Facebook groups used to be able to give access to the group's information to group management apps, including profile pictures and names of all group members even if they didn't explicitly give permission themselves.
Facebook announced restrictions to the group API in April 2018 limiting apps to requesting only basic group information such as the group's name, number of users, and the content of group posts. Despite this, roughly 100 developers have somehow reportedly accessed the personal data of group members via the API since then, with 11 accessing the data in the past 60 days.
Facebook confirmed that some users retained access to the private data for longer than was intended, and that the data was primarily accessed by video streaming and social media management apps. Facebook is now reaching out to the developers who accessed the information to request that they delete it.
Source: Bleeping Computer, CBR Online
