5,000 developers were mistakenly allowed to gather information from people’s Facebook profiles after a time limit on their rights had expired, according to BBC News. Apps on Facebook are supposed to be prevented from accessing people’s personal data if the app has not been used for 90 days, but this lock-out has not always worked due to a flaw in how it recorded inactivity. Facebook gave an example of the error in action, explaining that if two Facebook friends had both used an app, and only one was still using it after 90 days, the app might gather personal information from the inactive friend. It also said that the information developers could access was restricted by the permissions users agreed to when they first signed up to the app.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.