Facebook has disclosed that it let around 5,000 third-party developers access the data of users who had been inactive for a long time. After the Cambridge Analytica scandal, Facebook adopted an internal principle that a third-party app developer's access to a user's Facebook data should be cut off once the user has been inactive for more than 90 days. Yet, it happened.
Facebook Let Externals Access User Data Accidentally!
The size of a system is directly related to the number of loopholes in it. This rule applies to almost all companies, as they fail to check for mistakes either because they are so big or because they lack resources.
For Facebook, falling into security and privacy scandals has become normal. In the latest incident, Facebook announced that it let about 5,000 app developers access user data, though they were not allowed to do so!
The issue concerns a failure in the Facebook API that third-party apps integrate to let users log in with their Facebook credentials. While this spares the user the login hassle, it gives the third-party app developers access to a subset of the user’s Facebook profile, such as email, likes, gender, location, birthday, and age range.
Under the policies Facebook made after the Cambridge Analytica scandal, this information shouldn’t be accessible to external developers if the user has been inactive for more than three months.
Yet, this happened. Facebook’s announcement on Wednesday says it let about 5,000 apps continue to access this user data, though the users had been inactive for months.
Facebook explained this with an example: when a user of a fitness app invites friends to a workout, the friends’ data was also accessible to the developers! Facebook didn’t say how many users were impacted by this or what kind of data was accessed. Well, it’s just another story from Facebook’s bulky book of security and privacy issues.