Oh, Facebook. Not again.

The New York Times has reportedly uncovered hundreds of pages of internal documents from Facebook that detail special arrangements carved out for many other tech companies. These include far greater access to personal user data than the social network has ever previously disclosed.

“Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.”

The documents also show that Facebook gave Amazon permission to grab “users’ names and contact information through their friends.” These kinds of permissions, without user consent, were extended across the board to over 100 other companies.

It’s unclear how many of those companies took advantage of these loosely defined permissions. Spotify and Netflix, for their part, both said they weren’t aware that messaging data was exposed to them. Still, it’s a scary thought and certainly not a good look for Facebook.

As for Apple’s involvement, the New York Times says that “Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data.” Apple famously retains control over all aspects of its operating system and closely monitors apps delivered through its App Store, so what power Facebook could grant them exactly is a mystery. But for the record, Apple officials have said they “were not aware that Facebook had granted its devices any special access.”

It’s not been a good year for Facebook. First, there was the Cambridge Analytica scandal, then another data breach was discovered, and then we found out the company sometimes ignores your security preferences. The full exposé from NYT is worth a read if you want all the gory details on this latest misstep.