The social media giant, Facebook has officially admitted that they’ve been sharing data with thousands of third-party app developers unintentionally.
Facebook stated the discovery in a blog post, by Konstantinos Papamiltiadis, vice-president of Platform Partnerships at Facebook, that an issue where some developers were receiving user details even if the user did not use their apps for 90 days.
However, Facebook also claimed that they’ve fixed the issue and will continue investigating to ensure no other guidelines have been violated. It is surprising that this is coming after two years, the company vowed to improve its protection of user information.
In 2018 after the Cambridge Analytica scandal, a guideline states that certain apps that each user stopped using in 90 days will automatically stop having access to the user’s data, especially when it uses the user’s Facebook ID to log in.
With this bug active on the social media platform, an unknown number of users have had their data sent to third-party apps and Facebook claims the issue is now fixed but what caused the issue and when it was found still remains unknown.
The company revealed an estimated number of 5000 developers had been receiving this data due to the “issue”. The data that was shared included information like a user’s birthday, language, gender, etc.
Further to the unanswered series of questions, Facebook did not reveal how long the issue had been present nor did they reveal how many users were affected. But claimed “We fixed the issue the day after we found”
More from the blog posts “But recently, we discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days. For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months.
From the last several months of data we have available, we currently estimate this issue enabled approximately 5,000 developers to continue receiving information — for example, language or gender — beyond 90 days of inactivity as recognized by our systems. We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook.”
However, Facebook also stated that they will keep on investigating and will continue to prioritize transparency around any major updates.