From preprint of research paper: "Our deployment of CanaryTrap to monitor 1,024 Facebook apps has uncovered multiple cases of misuse of data shared with third-party apps on Facebook including ransomware, spam, and targeted advertising." [Farooqi et al.]
As covered by VentureBeat:
"In light of their findings, the researchers argue Facebook should mandate that developers implement data deletion request callback into their apps, which would be a user-friendly mechanism for requesting deletion that could help the network audit compliance. 'Third-party apps on online social networks with access to users’ personal information pose a serious privacy threat,' they said."