Facebook has disclosed yet another instance of developers receiving user data they shouldn’t have. According to the company, at least a few thousand developers were able to access some personal details from “inactive” users who hadn’t used their apps in more than 90 days.
Under Facebook’s guidelines, developers shouldn’t receive data from users once they become “inactive,” which Facebook defines as those who haven’t used the app in more than 90 days. The company introduced the rule in 2018 after the Cambridge Analytica scandal forced the social network to tighten its developer policies.
Facebook didn’t disclose how long the “issue” had been around before it was fixed, or how many users may have been impacted. The company said it affected “approximately 5,000 developers” from “the last several months.” Facebook also didn’t specify exactly what data may have been improperly shared, but said the users had previously authorized the apps to receive the data in question.
“We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook,” the company wrote.
Facebook noted it fixed the issue the day after it was discovered and it plans to “keep investigating.”