Facebook shared user data with developers it shouldn't have — again

At least 5,000 developers received data from 'inactive' users.

Sponsored Links

Bangkok, Thailand - July 14th, 2019: Facebook signup web page app on smart phone Samsung Galaxy S10 with user sign in registration screen using social networking and computer notebook from anywhere office.
Pornpak Khunatorn via Getty Images

Facebook has disclosed yet another instance of developers receiving user data they shouldn’t have. According to the company, at least a few thousand developers were able to access some personal details from “inactive” users who hadn’t used their apps in more than 90 days. 

Under Facebook’s guidelines, developers shouldn’t receive data from users once they become “inactive,” which Facebook defines as those who haven’t used the app in more than 90 days. The company introduced the rule in 2018 after the Cambridge Analytica scandal forced the social network to tighten its developer policies. 

Facebook didn’t disclose how long the “issue” had been around before it was fixed, or how many users may have been impacted. The company said it affected “approximately 5,000 developers” from “the last several months.” Facebook also didn’t specify exactly what data may have been improperly shared, but said the users had previously authorized the apps to receive the data in question.

“We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook,” the company wrote.

Facebook noted it fixed the issue the day after it was discovered and it plans to “keep investigating.”

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget