Facebook Gave 100 Apps Unauthorised Access to Data of Some Users

Facebook announced on Tuesday that recent changes made to its Groups API led to some apps getting unauthorised access to user data. This wouldn’t be the first time Facebook has done something like this, so here we go once again.

In the past, the Groups API allowed app developers to get access to information from a Facebook Group whenever group admins authorized an app for the entire group. But in April 2018, Facebook changed that by preventing developers from accessing the user data from the groups unless the group members had opted-in.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

[ad unit=’in_content_premium_block’]

But somehow, in the classic Facebook way, the change didn’t work as well as the company hoped. The company reported that an issue in the API led to around 100 “partners” being able to access member information like their names and profile pictures without their permission via Facebook Groups. 11 of these partners accessed user data in the last 60 days, though Facebook says the company hasn’t yet seen any evidence of abuse from these partners.

The company is apparently working with the app developers to get the member data deleted.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 1 comments

  • sandy

    06 November, 2019 - 6:48 pm

    <p>Sounds like a GDPR violation; bring on the 4% global revenue fine, and maybe they'll actually properly test before deploying to production?</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC