Facebook reports another data leak

Facebook developers have discovered a software bug related to access rights to information of group members. Perhaps there was another data leak.

The social network limited access to this data in April 2018. The ban was linked to a scandal surrounding Cambridge Analytica, which used legitimate Facebook tools to collect user data. As a result of the proceedings, the US Federal Trade Commission imposed a fine of several billion dollars on the social network and ordered the social network management to review its policy on working with personal information.

Read also: Shadow Brokers archive allowed tracing mysterious DarkUniverse group

After these events, Facebook developers changed the mechanics of several APIs at once, with the help of which third-party participants could receive information about users. The list of modified packages included the API Groups, which provided data exchange between external services and social network groups.

Programmers allowed such applications to read the content of posts, see the name of the group and the number of its users. Additional data became available only if participants allowed it separately.

However, as the developers found out, some services managed to get this information without the knowledge of users. According to Facebook, about 100 applications received illegal access, of which at least 11 were viewing data in the last 60 days.

“For the most part, these are services for streaming and page management, with the help of which administrators can effectively manage communities and group members share video. Despite the convenience of such features for users and Facebook communities, we decided to disable access”, – said Konstantinos Papamiltiadis, Director of Platform Partnerships of Facebook.

Representatives of the social network separately noted that they did not find signs of abuse of illegally obtained data. This detail distinguishes the current leak from another incident when, in violation of the rules, Facebook caught one of the contractors of Instagram, linked Facebook service. In August, journalists found out that employees of the HYP3R analytical agency were tracking users’ geolocation, although this feature was also blocked after the 2018 scandal.