From zdnet.com
Facebook has quietly revealed another privacy breach involving approximately 100 developers.
On Tuesday, Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships said in a blog post that the names and profile pictures of users connected to Groups and the system’s API were accessible.
Before April 2018, group administrators could authorize an app for a group they managed, giving the application developer access to this information.
Despite restricting information access to just the group’s name, the number of users, and post content — unless users opted-in to share their name and profile picture — in April last year, Facebook says that some apps retained access to this additional data until recently.