Facebook said Wednesday that it shared user data with thousands of developers even after access should have expired. The social network said it fixed the issue, but the mistake allowed an estimated 5,000 developers to continue receiving user data for a longer time than expected.
In 2018, Facebook said that developers would no longer have access to a user’s data if the person hadn’t use the developer’s app in the last 90 days. People can use their Facebook account to log into various apps. The social network made the change in the wake of the Cambridge Analytica scandal that year. UK political consultancy Cambridge Analytical harvested data from up to 87 million users without their permission, sparking concerns that Facebook wasn’t doing enough to safeguard user data.
Facebook said that the company recently discovered that apps continued to receive data from the social network even if a user wasn’t active on the developer’s app for 90 days.
“For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months,” Facebook said in a blog post.
The company, which has more than 2.6 billion monthly active users, doesn’t say in the post how many users are impacted or if they will be notified their data was accessed for a longer period of time than expected. Facebook said it will continue to investigate the issue but that the company hasn’t found evidence that the data was misused by developers.
Facebook got slapped with a record $5 billion fine from the Federal Trade Commission following the Cambridge Analytica scandal.