Facebook revealed a new security incident that affected the FB groups member by nearly 100+ 3rd party apps that accessed the group member’s information.
These apps were misused the Facebook Groups API and retained access to group member information, such as names and profile pictures with group activities.
Groups API is a collection of Graph API endpoints that allow apps to read and create Facebook Group data on behalf of group members. a group admin can grant 3rd party app access to groups publicly available content, such as posts, photos, and videos.
Facebook restricted the app developers to access the group member information such as name and profile picture in April 2018, and the apps only authorized to access the information such as the group’s name, the number of users, and the content of posts.
“If the apps want to access sensitive information, group members had to opt-in. but the Facebook recent ongoing review reveals that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended.” Facebook Said via a blog post.
Facebook believes that at least 11 partners accessed group members’ information in the last 60 days, and there is no evidence found that this information was abused.
The apps that accessed the information are social media management and video streaming category that developed for group admins to manage their group to help the group member to share the videos and more.
“We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we’ve said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products.”
Konstantinos Papamiltiadis, Director, Platform Partnerships said, “We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed”
In September, Facebook suspended “tens of thousands” of apps associated with 400 developers due to the privacy concern, and pose a threat to the Facebook community.