Facebook has admitted to yet another misstep with customer data, allowing 5,000 developers to access it after the cutoff date.
After Cambridge Analytica, Facebook added a safety measure to its API to prevent app developers from accessing user data if the user had not interacted with the app for at least 90 days. It appears this measure failed to activate in some instances, giving developers access well after the 90-day cutoff.
“But recently, we discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days,” writes Konstantinos Papamiltiadis, VP of Platform Partnerships. “For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months.
“From the last several months of data we have available, we currently estimate this issue enabled approximately 5,000 developers to continue receiving information — for example, language or gender — beyond 90 days of inactivity as recognized by our systems. We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook.”
Facebook has had one privacy scandal and misstep after another, and this latest one should be no surprise to anyone. It also comes at a time when Facebook is already being boycotted for its advertising practices.