Facebook Vice President affiliate Konstantinos Papamiltiadis in his blog wrote that the detected error is a partner applications inadvertently allow access to user data.
In 2018, Facebook introduced a rule that a user’s permission to share personal information with apps is automatically revoked if the user doesn’t use the app for more than 90 days. As they have now found out, this did not always happen due to a system error, so the applications had access to the user’s data (name, email address…) indefinitely. As an example, Mr. Papamiltiadis listed a fitness app that we once granted access rights to our contacts so that we could invite them to a joint run through the app. According to Facebook’s analysis, about 5,000 applications have such unauthorized access.
As soon as the error was found, they corrected it, but the record does not state when it was, or. how long the error has existed.
As Mashable writes , Konstantinos Papamiltiadis similarly apologized as early as 2018. Even then, the mistake was said to be unintentional.