Facebook announced on Tuesday that recent changes made to its Groups API led to some apps getting unauthorised access to user data. This wouldn’t be the first time Facebook has done something like this, so here we go once again.
In the past, the Groups API allowed app developers to get access to information from a Facebook Group whenever group admins authorized an app for the entire group. But in April 2018, Facebook changed that by preventing developers from accessing the user data from the groups unless the group members had opted-in.
But somehow, in the classic Facebook way, the change didn’t work as well as the company hoped. The company reported that an issue in the API led to around 100 “partners” being able to access member information like their names and profile pictures without their permission via Facebook Groups. 11 of these partners accessed user data in the last 60 days, though Facebook says the company hasn’t yet seen any evidence of abuse from these partners.
The company is apparently working with the app developers to get the member data deleted.