Facebook Inc. today revealed that it exposed inactive-user data to developers in yet another potential data-sharing scandal for the social media giant.

The new incident involves about 5,000 app developers having access to user data if the users hadn’t been active on the app in the last 90 days, the point at which access was meant to be cut off. The cutoff date is an arbitrary figure set by Facebook rather than any legal requirement, but it was set by Facebook in response to previous concerns about data sharing.

“Recently, we discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days,” Konstantinos Papamiltiadis, Facebook vice president of platform partnerships, said in a statement. “For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months.”

Facebook fixed the issue the same day it was discovered. Although the number of users potentially affected was not shared, Papamiltiadis added that Facebook would keep investigating and will continue to prioritize transparency around any major updates.

Arguably, the disclosure sounds worse than it actually is. In cases where data was shared in the past 90 days with developers, at no stage did the shared data include any additional data beyond what users had originally allowed apps to access. As ZDNet noted, this “means that unless users changed profile details, the apps already had that data about users on file.”

Facebook has had its fair share of privacy controversies, peaking with the Cambridge Analytica scandal in 2018. In that case, Facebook allowed Cambridge Analytica to harvest Facebook profiles without user permission. The scandal resulted in a small fine for breach of privacy in the U.K. and a broader investigation into Facebook’s overall privacy practices by the U.S. Federal Trade Commission. That ended with a $5 billion fine as part of a settlement that included increased oversight and the implementation of stringent data controls.

Photo of Facebook CEO Mark Zuckerberg: quintanomedia/Flickr