Facebook accidentally shares user data with app developers

A security measure introduced after the Cambridge Analytica scandal does not apply to 5000 apps. You receive user information even after 90 days of inactivity. Facebook is also tightening the rules for the disclosure of data to third parties.

Facebook apparently violated its own privacy policy again. According to its own statements, the social network passed user data on to around 5000 app developers, although the access granted to users by their data had already expired in accordance with Facebook’s rules. The incident is directly related to security controls that the company introduced as a result of the Cambridge Analytica scandal in early 2018.

Facebook (Image: Facebook)Mark Zuckerberg’s company therefore committed to restricting developers’ access to user data. Among other things, access should be denied as soon as a user has not used an app for more than 90 days.

However, Facebook recently stated that the security mechanism was not activated for some apps and that data was passed on to their investigators even after the 90 days had passed. According to Konstantinos Papamiltiadis, Vice President for Platform Partnership at Facebook, the problem was resolved immediately.

The extent of the data loss could therefore be traced by analyzing internal log files. “Based on the data available over the past few months, we currently believe that this issue has allowed approximately 5,000 developers to continue to receive user information,” said the manager. However, Facebook did not tell how many users are affected.

Access to the data that the user voluntarily shared with the apps in question was also limited. According to Facebook, the apps received new or additional data only in cases where users changed their profile details during the period.

In response, Facebook also introduced stricter rules for the disclosure of information to app developers. Third parties should no longer receive any data without the express consent of the user. In addition, the rules should be used strictly against developers who break them – also by legal means.


Leave a Reply

Your email address will not be published. Required fields are marked *