In a startling expose published in the New York Times this week, it was revealed that Facebook has long-standing deals with around 150 media and tech companies to share its users data, often without the explicit permission from the users.

In the wake of the Cambridge Analytica privacy scandal earlier this year, news of Facebook’s carelessness with users data here is par for the course, but still terrifying in a broader sense. Much of the information that was shared with companies was public on the users’ profiles; but, there were a variety of deals struck with companies, each with its own worrisome implications.

The worst of the bunch, according to most who’ve read the report, are read & write permissions on users’ private messages granted to companies including Spotify, Netflix, and the Royal Bank of Canada. This access was actually granted to the companies in 2010 as “part of an early (pre-Messenger) effort to build a messaging platform,” writes Verge.

“In Spotify’s case, for example, the company plugged into your chat window to send songs to your friends.”

Many of these deals were “officially” discontinued over the years, and yet the companies involved retained these backdoors into users’ data for years after. Some were found to have access as recently as 2017, two companies still had access this past summer.

Other partnerships included giving Apple access to users’ Facebook contacts and calendar entries, and giving Amazon the names and contact information of users.

Read the full report from the Times here.