The last few weeks have seen the news go from bad to worse for Facebook, especially on the privacy front. Now the company is admitting that roughly 100 developers may have improperly accessed Groups member data.
In April 2018, Facebook made changes to the Groups API to limit what information administrators could access. Prior to the change, admins could see identifiable information, such as member names and profile pictures. Following the change, group members would have to opt-in for an admin to see that information—at least in theory.
According to Konstantinos Papamiltiadis, Facebook’s Platform Partnerships Head, an ongoing review discovered that some 100 developers had retained access to member information. Papamiltiadis said the company had taken steps to address the issues.
“We have since removed their access. Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time. We know at least 11 partners accessed group members’ information in the last 60 days. Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted.”
The post also made a point of promising that the company would continue to improve moving forward.
“We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we’ve said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products. As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed. We are committed to this work and supporting the people on our platform.”
Given the current political climate, with politicians on both sides of the aisle increasingly looking at Facebook as a threat to privacy—and some even calling for its breakup—the company will need to do better to convince authorities and users alike that it can be trusted.