Facebook estimates that the glitch occurred with around 5.000 third-party app developers who continued to receive information about users who had previously used Facebook to sign in to their apps, even though the users hadn't used the app in the last 90 days.
Exceeding that deadline goes against Facebook's policy, which promises that third-party apps will no longer be able to receive personal information about a user if they haven't accessed it within the last 90 days.
While the company did not confirm how many people were affected, it said that personal information shared with third-party apps could include email addresses, birthdays, gender or language.
According to a Facebook spokesperson, if an active user were Facebook friends with an inactive user through a third-party app, the app could continue to receive data that the inactive user had previously authorized.
"For example, this could happen if someone used a fitness app to invite their friends from their hometown for a workout, but we don't recognize that some of their friends have been inactive for many months," the spokesperson wrote.
"We fixed the issue within a day of detecting the failure," says the spokesperson. "We will continue to investigate and continue to prioritize transparency regarding any major updates."
The 90-day limit was introduced as part of the overhaul of Facebook's privacy settings, following the Cambridge Analytica scandal in 2018, which saw an estimated 87 million users have their personal data collected by the now-defunct political consulting firm without consent.
