Facebook mistakenly shared data of inactive users with 5,000 developers

Developers were able to see personal information such as gender and preferred language of inactive users beyond a certain cut-off date

FILE PHOTO: The Facebook logo is displayed on a mobile phone in this picture illustration taken December 2, 2019. REUTERS/Johanna Geron/Illustration/File Photo
Powered by automated translation

Facebook admitted to accidentally sharing users’ confidential data with hundreds of third-party app developers even after their access period to user data had expired.

In 2018, the social media network had rolled out a feature that automatically barred an app from receiving any updates or information if a user is inactive in the last three months.

But a glitch allowed developers to see personal information such as gender and preferred language for a longer time than they were allowed to, the company said.

“Apps continued to receive the data that people had previously authorised, even if it appeared they hadn’t used the app in the last 90 days,” Konstantinos Papamiltiadis, vice president of platform partnerships at Facebook, said on Wednesday.

“We estimate this issue enabled approximately 5,000 developers to continue receiving information, beyond 90 days of inactivity as recognised by our systems.”

The social media network said that it has now fixed the glitch.

“We fixed the issue the day after we found it. We will keep investigating and will continue to prioritise transparency around any major updates,” Mr Papamiltiadis said.

Facebook also said the developers play an important role in protecting people’s data and it is working to make them accountable in case of any breach in the future.

“We are also requiring developers to be accountable for the ways they use data and comply with our policies … Our review of apps on our platform is ongoing, and we will continue to make improvements,”Mr Papamiltiadis said.

The California-based company also issued new terms and conditions for developers on Wednesday.

The new terms limit the information developers can share with third parties without explicit consent from people. They also strengthened data security requirements when developers must delete data.

“These changes are just some of the ways we are improving our platform and making more trustworthy experiences for people using apps on Facebook,” Mr Papamiltiadis said.

Last June, Facebook was called out for collecting confidential details of 187,000 users, some as young as 13, through its now non-operational app Research that paid users for wide-ranging access to their data.

This followed a security breach in Facebook's platform that affected nearly 50 million accounts.