Downing consulted a security researcher about the discovery who found that closed Facebook groups had a privacy loophole allowing Grouply.io to gain access to their information. The researcher, Fred Trotter, was also able to access information for Downing's group and others manually. He reported the issue to Facebook, which initially replied that it had at one point made member names "viewable" and later added that it was "exploring potential changes related to group membership and privacy controls for groups." After some back and forth between Facebook and members of the group Downing moderates, Facebook shut down the ability to collect this sort of information from closed groups. The social media giant told CNBC that the decision to do so was due to "several factors" but was not because of this specific group.
A Facebook spokesperson told CNBC that the company sent a cease-and-desist letter to the maker of Grouply.io earlier this year. The app, meant to assist marketers in collecting information en masse, has been discontinued.
Facebook has come under fire for failing to adequately protect its users' privacy a number of times this year including unblocking users' blocked accounts, setting users' privacy defaults to public and allowing millions of users' information to fall into the hands of Cambridge Analytica.
Update: Facebook told Engadget that prior to its recent change, membership lists of closed groups were visible to others -- a feature that was communicated to those in the group. However, it said that the ability to download group members' detailed personal information has not been a function of Facebook groups. The company also said that requests for increased privacy from both closed and secret group admins led to its decision to make member lists unviewable to non-members. Now, only moderators and admins will be visible to those outside of the group. "While we recently made a change to closed groups, there was not a privacy loophole," said a company spokesperson.