An issue with Facebook’s system had caused it to share user data with approximately 5,000 developers even if a user hadn’t accessed their app in the past 90 days, violating its own policies.

The social media giant in 2018 had announced that it would limit the access to user data by third-party apps and would automatically expire an app’s ability to receive user information if its systems didn’t recognize a person as having used the app within the last 90 days.

However, the tech giant had recently discovered an issue that had caused select developers to still have an access to user data even if a user hasn’t accessed the app within this time frame.

“Recently, we discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days. For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months,” wrote Konstantinos Papamiltiadis, VP of Platform Partnerships at Facebook in an official post on Facebook’s news page.

“From the last several months of data we have, this issue enabled approximately 5,000 developers to continue receiving information — for example, language or gender — beyond 90 days of inactivity as recognized by our systems,” he added.

Facebook didn’t mention the extent of the breach or if any user data had been impacted by the same.

“We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook,” Papamiltiadis added.

The social media platform had fixed the issue the next day and has introduced Platform Terms and Developer Policies to strengthen security and increase transparency, it said.

“These new terms limit the information developers can share with third parties without explicit consent from people. They also strengthen data security requirements and clarify when developers must delete data,” Facebook said.

comment COMMENT NOW