Facebook said that private group member information such as names and profile pictures might have been accessed by approximately 100 developers of primarily video streaming and social media management apps. This happened after Facebook restricted or removed several developer APIs, including the Groups API, the one that provided the app devs with extended access to group info for longer than intended after their apps retained access to the data. Facebook says that the developers that may have accessed group members information will be asked to delete member data. The company also plans to conduct audits to confirm the developers have deleted the data as requested.
Source: https://www.bleepingcomputer.com/news/security/facebook-discloses-privacy-breach-caused-by-groups-api-bug/