Facebook has confirmed that many app developers have retained the data containing the names and profile pics of group members in a recent security review. At least 100 of them might have also accessed the information of those retained group members then, the social media giant revealed.
Out of those suspected 100, around 11 might have actually accessed the group members’ information using the data that they did not erase in their records. In an ongoing review of third-party apps with the unrestrained access to Facebook users’ data, this access to names and photos is believed to have been done sometime in the past 60 days period.
Although Facebook has said that the actual number of such app developers might be less than a hundred and that it is simply a rough estimate. The company has said that it has already reached out to those 100 developers and asked them to delete all the data containing the group members’ information.
Facebook has also maintained that there have been no reports of abuse through social media owing to all the group information retained. The social media behemoth has already removed the access of the apps to Group members’ names and profile pictures. Those were third party applications. That the concerned apps do actually delete the information from their database, Facebook said, would conduct audits for confirmation regarding the same.
“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” the social media company said.Source
As for now, the names of the violating developers and apps have not been revealed by Facebook. Even the number of affected users has not been revealed. Among those violator apps, some were mainly for managing social media services. Some of them provided video streaming services like of those utilized by many companies that want to provide online customer support.
The aftermath of the Cambridge Analytica data scandal saw a lot of flak from all corners for the social media giant. There were a number of changes made by Facebook to ensure the privacy of data of its users from then on. Those owning Groups API lost access to the group members’ list.
There are third-party tools that Facebook group administrators could use to manage their groups and the activities on them. Although they could not see the name, profile pics, etc. of individual members after the modifications done by the company last year, it was only after the security review recently, that the breach could be disclosed finally.
Facebook chose to remain transparent over the entire matter and in a recent post, stated, “We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we’ve said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products. As we continue to work through this process, we expect to find more examples of where we can improve, either through our products or changing how data is accessed. We are committed to this work and supporting the people on our platform.”
This transparency and disclosure have been done as a part of protecting its FTC agreement. Earlier this year, Facebook has had a $5 billion settlement with the Federal Trade Commission and aims to strengthen the privacy of users. Also, Facebook has lately sought to clean up its data management.