
Facebook Reveals Another Data Leak – 100+ 3rd Party Apps Accessed FB Groups Member Data


Facebook revealed a new security incident in which nearly 100+ third-party apps accessed Facebook Groups members' information.

These apps misused the Facebook Groups API and retained access to group member information, such as names and profile pictures along with group activity.

The Groups API is a collection of Graph API endpoints that allow apps to read and create Facebook Group data on behalf of group members. A group admin can grant a third-party app access to a group's publicly available content, such as posts, photos, and videos.


In April 2018, Facebook restricted app developers' access to group member information such as names and profile pictures; apps were authorized to access only information such as the group's name, the number of users, and the content of posts.

“If the apps want to access sensitive information, group members had to opt in. But the Facebook recent ongoing review reveals that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” Facebook said via a blog post.

Facebook believes that at least 11 partners accessed group members' information in the last 60 days, and it has found no evidence that this information was abused.

The apps that accessed the information fall into the social media management and video streaming categories and were developed to help group admins manage their groups and to help group members share videos and more.

“We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we’ve said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products.”

Konstantinos Papamiltiadis, Director, Platform Partnerships, said, “We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed.”

In September, Facebook suspended “tens of thousands” of apps associated with 400 developers over privacy concerns and the threat they posed to the Facebook community.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
