Monday, May 19, 2025
HomeFACEBOOKFacebook Reveals An Another Data Leak - 100+ 3rd Party Apps...

Facebook Reveals An Another Data Leak – 100+ 3rd Party Apps Accessed FB Groups Member Data

Published on

SIEM as a Service

Follow Us on Google News

Facebook revealed a new security incident that affected the FB groups member by nearly 100+ 3rd party apps that accessed the group member’s information.

These apps were misused the Facebook Groups API and retained access to group member information, such as names and profile pictures with group activities.

Groups API is a collection of Graph API endpoints that allow apps to read and create Facebook Group data on behalf of group members. a group admin can grant 3rd party app access to groups publicly available content, such as posts, photos, and videos.

- Advertisement - Google News

Facebook restricted the app developers to access the group member information such as name and profile picture in April 2018, and the apps only authorized to access the information such as the group’s name, the number of users, and the content of posts.

“If the apps want to access sensitive information, group members had to opt-in. but the Facebook recent ongoing review reveals that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended.” Facebook Said via a blog post.

Facebook believes that at least 11 partners accessed group members’ information in the last 60 days, and there is no evidence found that this information was abused.

The apps that accessed the information are social media management and video streaming category that developed for group admins to manage their group to help the group member to share the videos and more.

“We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we’ve said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products.”

Konstantinos Papamiltiadis, Director, Platform Partnerships said, “We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed”

In September, Facebook suspended “tens of thousands” of apps associated with 400 developers due to the privacy concern, and pose a threat to the Facebook community.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Weaponizing Facebook Ads to Deploy Multi-Stage Malware Attacks

A persistent and highly sophisticated malvertising campaign on Facebook has been uncovered by Bitdefender...

Massive Facebook Phishing Attack Targets Hundreds of Companies for Credential Theft

A newly discovered phishing campaign targeting Facebook users has been identified by researchers at...

New Facebook Fake Copyright Notices to Steal Your FB Accounts

A newly discovered phishing campaign is using fake Facebook copyright infringement notices to trick...