A Bug Caused 5,000 Third-Party Facebook Developers To Have Unauthorized Access To Users' Data

03/07/2020

This isn't the first time or the second time that Facebook has been caught in a data scandal.

From the famous Cambridge Analytica scandal, to the tens of thousands of users' private messages leaked and being sold on the dark web, the social giant seems to fail numerous times in protecting its users' data.

This time, Facebook admitted that it mistakenly gave around 5,000 developers unauthorized access to user profiles due to a bug in the platform.

Back in 2018, company addressed many vulnerabilities in its API that allowed user data to be harvested by third-party app developers.

And this bug here that Facebook found, simply broke those rules.

Facebook Developers

Read: Facebook Restricts Data Access: All Users' Information May Have Been Harvested

In a post, Facebook's VP of Platform Partnerships Konstantinos Papamiltiadis said that:

"Developers play an important role in protecting people’s data, just like everyone at Facebook."

"One of our goals is to communicate more openly about the issues that we identify as we’ve increased our rigor around identifying, mitigating and preventing privacy issues that may impact people."

"We discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days. For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months."

As a result of this, the 5,000 or so developers could have received information about users' gender or language beyond 90 days of inactivity as recognized by its systems.

The bug was said to have been around for months, and Facebook said that it patched the flaw "the day after we found it."

Papamiltiadis however, didn't say anything about how many Facebook users were affected by this bug.