Following the Cambridge Analytica scandal this spring, Facebook vowed it would tighten restrictions on app developers’ access to user data. Part of that process involved a review of how apps currently use our info. Facebook announced part of its findings this week, and said it had cut off access for “hundreds of thousands” of apps.

According to the company, these apps didn’t necessarily do anything wrong, but they also didn’t submit to Facebook’s app review process. It’s troubling to think that these dormant apps had access to user data for so long before getting cut off. That information easily could’ve been obtained by bad actors if they were somehow able to hack into these abandoned apps.

“We are cutting off API access for hundreds of thousands of inactive apps,” Facebook’s VP of Product Partnerships, Ime Archibong, wrote in a blog post. “Our goal with all these changes is to ensure that we better protect people’s Facebook information while also enabling developers to build great social experiences.”

It’s good that Facebook finally did something to address this problem, but like with so many of the company’s issues, it feels like too little, too late. After all, 87 million users had their data improperly revealed in the Cambridge Analytica scandal alone. There’s no telling how many more controversies like it have yet to be discovered.