Facebook app login

In a 747-page document provided to the US House of Representatives' Energy and Commerce Committee on Friday, Facebook admitted that it granted special access to users' data to 61 tech companies.

According to the document, these 61 companies received a "one-time" extension so they could update their apps in order to comply with a Terms of Service change the company applied in May 2015.

61 companies received API exemptions in 2015

The six-month extension was applied from May 2015, onward, when Facebook restricted its API so apps could not access too much data on its users, and especially the data of users' friends.

The API change came in a period when apps like the one developed by Cambridge Analytica were using the Facebook API to mass-harvest the data of Facebook users.

In May 2015, Facebook realized that apps were abusing this loophole in its permission system to trick one user into granting permission to the personal data of hundreds of his friends, and restricted the Facebook API to prevent indirect data harvesting.

But these 61 tech companies, because they ran popular apps, received an exemption to this API change, during which, theoretically, they could have abused the Facebook API to collect data on Facebook users and their friends. Data that could have been collected included name, gender, birthdate, location, photos, and page likes.

Facebook did not say if any of these companies abused this extension period to harvest data on users and their friends. The list of 61 companies who received an API extension includes:

1. ABCSocial, ABC Television Network
2. Actiance
3. Adium
4. Anschutz Entertainment Group
5. AOL
6. Arktan / Janrain
7. Audi
8. biNu
9. Cerulean Studios
10. Coffee Meets Bagel
11. DataSift
12. Dingtone
13. Double Down Interactive
14. Endomondo
15. Flowics, Zauber Labs
16. Garena
17. Global Relay Communications
18. Hearsay Systems
19. Hinge
20. HiQ International AB
21. Hootsuite
22. Krush Technologies
23. LiveFyre / Adobe Systems
24. Mail.ru
25. MiggoChat
26. Monterosa Productions Limited
27. never.no AS
28. NIKE
29. Nimbuzz
30. NISSAN MOTOR CO / Airbiquity Inc.
31. Oracle
32. Panasonic
33. Playtika
34. Postano, TigerLogic Corporation
35. Raidcall
36. RealNetworks, Inc.
37. RegED / Stoneriver RegED
38. Reliance/Saavn
39. Rovi
40. Salesforce/Radian6
41. SeaChange International
42. Serotek Corp.  
43. Shape Services
44. Smarsh
45. Snap
46. Social SafeGuard
47. Socialeyes LLC
48. SocialNewsdesk
49. Socialware / Proofpoint
50. SoundayMusic  
51. Spotify
52. Spredfast
53. Sprinklr / Sprinklr Japan
54. Storyful Limited / News Corp
55. Tagboard
56. Telescope
57. Tradable Bits, TradableBits Media Inc.
58. UPS
59. Vidpresso
60. Vizrt Group AS
61. Wayin

Of the list above, Serotek received an eight-month extension.

Facebook points the finger at five other companies

Facebook also said it identified five other companies that tested beta versions of their apps that had the "theoretical" capability of harvesting a users' friends data. The list includes.

1. Activision / Bizarre Creations
2. Fun2Shoot  
3. Golden Union Co.
4. IQ Zone / PicDial
5. PeekSocial

"We are not aware that any of this handful of companies used this access, and we have now revoked any technical capability they may have had to access any friends' data," Facebook said.

Facebook slowly closing all loopholes

In addition, Facebook also announced it was discontinuing 38 partnerships with companies that it authorized to build versions of Facebook or Facebook features for custom devices and products, and which may have also gained extensive access to user data.

Last week, a security researcher discovered another quiz app, similar to the one developed by Cambridge Analytica, which also gained access and later exposed the details of over 120 million Facebook users.

The app was named Nametests.com, associated with the eponymous website. Current evidence doesn't suggest the data collected by this second quiz app might have been used for political ads and influence campaigns such as the one collected by Cambridge Analytica.

Related Articles:

Scammers Use Facebook Sharer Page to Push Tech Support Scams

Private Messages for 81k Hacked Facebook Accounts Being Sold Online

Apple's New Data & Privacy Portal Lets You Download Your Data

Signal Upgrade Process Leaves Unencrypted Messages on Disk

DuckDuckGo Is Now Receiving More Than 30 Million Searches in a Single Day