Facebook admits 100 third-party developers may have had access to user information

Facebook has revealed that around 100 software partners or simply developers had unauthorised access to user information. This was discovered when the social media giant was conducting a review of the data it shares with its software partners. [caption id=“attachment_7246271” align=“alignnone” width=“1280”]  A 3D printed Facebook logo is seen in front of displayed binary code in this illustration picture, June 18, 2019. Image: Reuters.[/caption] In Facebook’s developer blog, it was announced that the company had removed and restricted several of its developer APIs owing to concern over partners getting access to data more than intended. The Groups API that acted as an interface between Facebook and apps with groups was changed back in April 2018. Before that, the groups were allowed to authorise an app to a group. Since the changes were made, if group admins authorised access, the app would receive information including the group’s name, number of users, and the content in the posts. However, in a recent audit, Facebook found that some of the developers managed to retain access to user information from the groups despite of the changes. This included names and profile pictures related to group activity. Access was retained by these developers longer than Facebook intended and now it has been removed. About 100 developers had access to the information since the changes were announced to the Groups API, and at least 11 of them accessed the data in the last 60 days. The company says that there wasn’t any evidence of abuse and it will conduct more audits to confirm whether the developers have deleted the data. Facebook says it involved social media management and video streaming apps which were primarily used by group admins to manage the groups.