Uh oh — Facebook‘s been caught in yet another data scandal. The company has admitted that it mistakenly gave around 5,000 developers unauthorized access to user profiles due to a bug in the platform.
The leak breaks Facebook‘s own rules over access to personal information. Since 2018, the platform has automatically blocked developers from getting people’s data if they haven’t interacted with the app in the last 90 days. Once that time limit expires, developers have to again ask users for permission to access their data. But in this case, the lock-out system failed.
“We discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days,” said Konstantinos Papamiltiadis, Facebook‘s VP of Platform Partnerships.
“For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months.”
Papamiltiadis said Facebook fixed the bug the same day it was found, but didn’t reveal how many users had been affected.
The nature of the breach is particularly bad news for Facebook, as third-party access to data was also at the centre of the Cambridge Analytica scandal.
The incident was what led Facebook to introduce its 90-day lock-out rule. But the new leak shows the system clearly still needs a lot of work.