Facebook Groups API flaw exposed data to 100 developers, company says

Facebook Groups API flaw exposed data to 100 developers, company says

Facebook now says the case is baseless, and a spokesperson told Reuters that the documents were "taken out of context by someone with an agenda against Facebook", and shared with the public "with total disregard for U.S. law".

Facebook Group administrators can use third-party tools to manage their groups, giving apps information about its activity, but since 2018, developers no longer be able to see individual members' names, profile pictures, or unspecified other profile data.

When it made the change in April 2018, Facebook explained that at the time, apps needed the permission of a group admin or member to access group content for closed groups, and the permission of an admin for secret groups.

The documents, almost 7,000 pages of company emails and executive documents, come from a lawsuit filed in 2015 by Six4Tree, a developer of a bikini photo app that lost access to Facebook user data after the changes were announced in 2014 and implemented a year later.

Facebook says it has discovered a new privacy flaw on its platform that lets some app developers access data in Groups that they should not have. "We have since removed their access". The social-networking giant announced the incident in a blog post, estimating roughly 100 "partners" may have accessed this information - including 11 that did so within the last 60 days.

Facebook has revealed that around 100 software partners or simply developers had unauthorised access to user information.

More news: Woman fired over access to leaked tape of ABC's Amy Robach
More news: 2M pounds of poultry recalled over contamination fears
More news: Penske Corporation completes purchase of IndyCar series

"Although we've seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted", the company said in a statement.

Papamiltiadis said the apps were 'primarily social media management and video streaming apps, created to make it easier for group admins to manage their groups more effectively and help members share videos to their groups'.

"We aim to maintain a high standard of security on our platform and to treat our developers fairly", the executive added. The newly published documents contain exchanges between Facebook executives discussing cutting off access to user data for developers who could be potential competitors to Facebook.

In July this year, Facebook settled with the US Federal Trade Commission (FTC) in an agreement worth $5 billion to lay to rest allegations of user privacy failures in the wake of Cambridge Analytica.

The trouble appears to stem from a functionality in Facebook's groups service.

Facebook has also promised to tackle the threat of 2020 United States election fraud on its network.

Related Articles