Nov. 6 (UPI) -- Social networking giant Facebook says as many as 100 third-party developers had unauthorized access to user accounts for more than a year after it revoked permissions as part of changes ushered in by a major privacy scandal.
The company made changes early last year to restrict access to user accounts by third-party developers who work with managers of Facebook groups. The privacy measure followed the Cambridge Analytica scandal, but Facebook said Tuesday permissions apparently weren't revoked for partners from some applications.
"Before April 2018, group admins could authorize an app for a group, which gave the app developer access to information in the group. But as part of the changes ... if an admin authorized this access, that app would only get information, such as the group's name, the number of users, and the content of posts," Facebook Director of Platform Partnerships Konstantinos Papamiltiadis wrote in a blog post.
"For an app to access additional information ... group members had to opt-in."
Facebook said user data remained accessible for about 100 partners -- and at least 11 have used that access in the last two months.
Since the change 19 months ago, third-party partners should no longer be able to see users' names, profile photos or other personal data. A recent review discovered the error, the company said.
"Although we've seen no evidence of abuse, we will ask [developers] to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted," Papamiltiadis wrote. "These were primarily social media management and video streaming apps, designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups."
Papamiltiadis added that Facebook made the changes to "maintain a high standard of security," but did not say how many user accounts may have been affected by the continued access.
Facebook agreed to a record $5 billion settlement with the Federal Trade Commission in July over the Cambridge Analytica scandal, in which the British political consulting firm paid to access data of 87 million users.