Facebook says it has discovered a new privacy flaw on its platform that lets some app developers’ access data in Groups that they should not have. The social network restricted how much information app developers could gather from Groups, following the Cambridge Analytica data scandal.
But it said about 100 developers had retained access to Group data, such as people’s names and photos. Facebook did not say how many members had been affected by the flaw. “We can be in little doubt that there are groups out there that seek to abuse these kinds of flaws to artificially shape debate, manipulate voters and influence election results,” Mike Beck from the cyber-security company Darktrace told the BBC.
Like other social networks, Facebook provides an application programming interface (API) that lets app developers connect their own creations to Facebook. But in 2018, it was revealed that Cambridge Analytica had harvested the personal data of millions of people by creating a personality quiz on Facebook – and used the data to target political advertising.
In October, Facebook agreed to pay a £500,000 fine imposed by the UK’s data protection watchdog, for its role in the scandal. Following the scandal, Facebook restricted access to many of its APIs, including the one that let app developers connect to Groups on the social network.
With permission, app developers could access a group’s name, the number of members and the content of posts. However, they could only access member names and photos if people explicitly opted in. But on Tuesday, the company revealed that about 100 “partners” retained access following the change.
It said “at least” 11 developers had accessed the restricted information in the last 60 days. “Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained, and we will conduct audits to confirm that it has been deleted,” Facebook said in a statement.