And notifies 4 million users affected, follows purging of suspect accounts.
After the creators of the myPersonality app, which gathered information on more than four million Facebook users, refused to be audited, the social media company banned the app in a purge that saw 400 additional apps suspended.
"It's clear that they shared information with researchers as well as companies with only limited protections in place. As a result, we will notify the roughly four million people who chose to share their Facebook information with myPersonality that it may have been misused," Facebook Vice President of Product Partnerships Ime Archibong wrote in a blog post.
Notification won't extend to friends of those users, though, "given we currently have no evidence that myPersonality accessed any friends' information," he said, noting they would be contacted "should that change."
The 400 suspended apps were among thousands that the company has reviewed since March, after bolstering security and privacy policies in the aftermath of the Cambridge Analytica scandal, in which the data analytics firm violated the social media company's policies by collecting personal data from tens of millions of Facebook users without their permission.
Assessment of the 400 apps recently suspended raised "concerns around the developers who built them or how the information people chose to share with the app may have been used — which we are now investigating in much greater depth," Archibong wrote.
The discoveries have prompted Facebook to change a bevy of policies, including expanding its App Review and instituting a new policy preventing information from being shared with apps that have not been used in 90 days.
Acting on a tip from FireEye about a network of Facebook pages and accounts on other sites called "Liberty Front Press," Facebook discovered coordinated inauthentic behaviour aimed at persons in the Middle East, Latin America, UK and US.
The company was "able to link this network to Iranian state media through publicly available website registration information, as well as the use of related IP addresses and Facebook Pages sharing the same admins," wrote Nathaniel Gleicher, head of cybersecurity policy.
Some of the accounts, dating back to 2013, "attempted to conceal their location, and they primarily posted political content focused on the Middle East, as well as the UK, US and Latin America," Gleicher said, explaining that in 2017 the focus was increasingly on the US and UK.
"Accounts and pages linked to 'Liberty Front Press' typically posed as news and civil society organisations sharing information in multiple countries without revealing their true identity," he said.
The accounts attracted about 155,000 followers on Facebook and 48,000 on Instagram.
The second part of Facebook's probe revealed "links between 'Liberty Front Press' and another set of accounts and pages, the first of which was created in 2016," that "typically posed as news organisations and didn't reveal their true identity," Gleicher said. "They also engaged in traditional cyber-security attacks, including attempts to hack people's accounts and spread malware, which we had seen before and disrupted."
A third segment of the probe in August 2017 "uncovered another set of accounts and pages, the first of which was created in 2011, that largely shared content about Middle East politics in Arabic and Farsi," he said. "They also shared content about politics in the UK and US in English."