Facebook says it unknowingly shared private group data with outside developers

Facebook Inc. said it unknowingly gave outside developers access to private user information shared within some groups on its main social network, including the names and profile photos of people who were part of those groups.

The company disclosed the issue Tuesday, saying that some third-party developers who used Facebook’s Groups API — a software program that allows information sharing between Facebook and outside developers — could see which users shared posts or left comments inside a group even though they weren’t supposed to have that level of detail. Access to that information has now been removed or limited, the company said.

Beginning in April 2018, Facebook moved to restrict access so these outside partners could see the text of posts or comments from inside groups but not the names or photos of the people who shared them. The company discovered in a recent review that this additional information was also being shared. This API is popular with developers who build programs to manage Facebook groups focused on topics such as customer service.

The Menlo Park, Calif., company said it is reaching out to 100 third-party developers who had access to the data that were supposed to have been restricted. Facebook said in a blog post that it has seen no evidence of abuse, but “we will ask them to delete any member data they may have retained.” A company spokesman declined to say how many users were affected.