Facebook Unknowingly Shared Private Group Data With Partners
Facebook Inc. said it unknowingly gave outside developers access to private user information shared within some groups on its main social network, including the names and profile photos of people who were part of those groups.
The company disclosed the issue Tuesday, saying that some third-party developers who used Facebook’s Groups API -- a software program that allows for information sharing between Facebook and outside developers -- could see which users shared posts or left comments inside a group, even though they weren’t supposed to have that level of detail. Access to that information has now been removed or limited, the company said.
Beginning in April 2018, Facebook restricted access so that these outside partners could only see the text of posts or comments from inside groups, but not the names or photos of the people who shared them. The company discovered in a recent review that this additional information was also being shared. This API is popular with developers who build programs to manage Facebook groups focused on topics like customer service.
The Menlo Park, California-based company said it is reaching out to 100 third-party developers who had access to the data that was supposed to have been restricted. Facebook said in a blog post that it has seen no evidence of abuse, but “we will ask them to delete any member data they may have retained.” A company spokesman declined to say how many users were affected.