In its blogpost, the social media giant Facebook announced that a few thousand developers gained access to the personal data of Facebook and Instagram users who had not logged in for more than 90 days.

After the scandal with Cambridge Analytica in 2018, the company issued a rule prohibiting the transfer of inactive users' account information to developers. However, in some cases, information was still collected, even if users stopped using their accounts for more than 90 days. About 5,000 developers were able to use the data. But under Facebook's guidelines, developers shouldn't receive data from inactive users.

Facebook Had a Vulnerability in the “Login with Facebook” Feature
Security researcher Amol Baikar discovered a critical vulnerability on Facebook that existed for about ten years, and its exploitation allowed cybercriminals to hack any Facebook account.

It is not known how many users are involved in this situation. Facebook did not disclose how long this transfer of data to third parties lasted. It is only known that such data as users' language and gender was transmitted, but they previously provided apps with access to this data. The problem was fixed immediately after detection.

"We haven't seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook," the company wrote.

After the scandal in 2018, in mid-July 2019, the US Federal Trade Commission decided on a fine of $5 billion for Facebook due to data leakage of 87 million users. The source of the leak was Cambridge Analytica, which used the data to create effective political advertising for Donald Trump's campaign.

Facebook Users Affected by a Huge Data Breach | The Internet Protocol
The unprotected database contained sensitive information such as users’ full names, phone numbers, and Facebook IDs, and was available online for quite a while.