Facebook reports data breach in connection with group activity from the Groups API

The latest revelation from Facebook is that it recently found some apps to be retaining access to group member information, like names and profile pictures in connection with group activity from the Groups API, for longer than it was intended.

Facebook has reported that it has since removed their access. Facebook is also reaching out to approximately 100 partners who may have accessed this information since restrictions to the Groups API was announced. However it is likely that the number that actually did is smaller and decreased over time. Facebook is in knowledge of at least 11 partners who accessed group members’ information in the last 60 days. Although there is no evidence of abuse, the social media company will ask them to delete any member data they may have retained, and shall be conducting audits to confirm that such information has been deleted.

These were primarily social media management and video streaming apps, designed to make it easier for group administrators to manage their groups more effectively and help members share videos with their groups.

Facebook is also being investigated for giving user data to Cambridge Analytica. The United States authorities have fined the social media company $5 billion for this breach, but in India there has been no action against Facebook so far.