Facebook has disclosed that it mistakenly shared user data with around 5,000 developers even after their access should have expired.
Apps on Facebook that haven’t been used for 90 days are supposed to be prevented from accessing users’ personal data. This security measure was introduced following the Cambridge Analytica privacy scandal from 2018.
However, Facebook says it found that apps were continuing to collect data even if a user wasn’t active. This included information about users’ gender and language settings. Facebook notes that this was happening over “the last several months.”
“We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook,” the company wrote in a blog post.
Facebook hasn’t disclosed how many users may have been impacted by the issue. The social media giant says it has since fixed the issue and that it will keep investigating, and will prioritize transparency.