Facebook Inc said it unknowingly gave outside developers access to private user information shared within some groups on its main social network, including the names and profile photos of people who were part of those groups.

The company disclosed the issue on Nov 5, saying that for the past 18 months some third-party developers who used Facebook’s Groups API – a software program that allows for information sharing between Facebook and outside developers – could see which users shared posts or left comments inside a group, even though they weren’t supposed to have that level of detail.