A developer contacted TechCrunch with the news that a Facebook App Analytics summary email had been sent to someone outside their company; the email contained private data like weekly average users, page views and new users, according to the report. Facebook confirmed to TechCrunch that 3 percent of apps using the company’s analytics platform had their weekly summaries sent to app testers instead of just developers.
Testers are often people outside of a developer’s company. If the leaked info got to an app’s competitors, it could provide them an advantage. At least they weren’t allowed to click through to view more extensive historical analytics data on Facebook’s site.
One affected developer told TechCrunch “Not sure why it would ever be appropriate to send business metrics to an app user. When I created my app (in beta) I added dozens of people as testers as it only meant they could login to the app…not access info!” They’re still waiting for the disclosure from Facebook.
Facebook wouldn’t disclose a ballpark number of apps impacted by the error.
However, as TechCrunch notes, none of the testers were able to see any more specific data via the email. Facebook says it has fixed the issue and that no personal information was disclosed. The company will email all app developers that were affected by the bug.
While Facebook has been working diligently to patch app platform privacy holes since the Cambridge Analytica scandal, removing access to many APIs and strengthening human reviews of apps, issues like today’s make it hard to believe Facebook has a proper handle on the data of its 2 billion users.