Facebook has discovered yet another back-end privacy issue that has exposed the user data across thousands of apps. The apps continued to receive critical user personal data, even after the access expiring automatically.
In 2014, the company had introduced more granular controls for users to decide which non- public information — such as their birth date or email address — to share when they used Facebook to sign in to the apps.
Later, in 2018, the automatic expiration was decided if the systems didn’t recognize a person as having used the app within the last three months. However, the firm recently discovered that few apps continued to receive previously authorized user information, even though they had not used the app in 90+ days.
The estimates confirm that such an issue enabled approximately 5000 developers to continue receiving information inappropriately.
Source: Infosecurity Magazine