In a 747-page document provided to the US House of Representatives' Energy and Commerce Committee on Friday, Facebook admitted that it granted special access to users' data to 61 tech companies.

According to the document, these 61 companies received a "one-time" extension so they could update their apps in order to comply with a Terms of Service change the company applied in May 2015.

61 companies received API exemptions in 2015

The six-month extension was applied from May 2015, onward, when Facebook restricted its API so apps could not access too much data on its users, and especially the data of users' friends.

The API change came in a period when apps like the one developed by Cambridge Analytica were using the Facebook API to mass-harvest the data of Facebook users.

In May 2015, Facebook realized that apps were abusing this loophole in its permission system to trick one user into granting permission to the personal data of hundreds of his friends, and restricted the Facebook API to prevent indirect data harvesting.

But these 61 tech companies, because they ran popular apps, received an exemption to this API change, during which, theoretically, they could have abused the Facebook API to collect data on Facebook users and their friends. Data that could have been collected included name, gender, birthdate, location, photos, and page likes.

Facebook did not say if any of these companies abused this extension period to harvest data on users and their friends. The list of 61 companies who received an API extension includes:

1. ABCSocial, ABC Television Network

2. Actiance

3. Adium

4. Anschutz Entertainment Group

5. AOL

6. Arktan / Janrain

7. Audi

8. biNu

9. Cerulean Studios

10. Coffee Meets Bagel

11. DataSift

12. Dingtone

13. Double Down Interactive

14. Endomondo

15. Flowics, Zauber Labs

16. Garena

17. Global Relay Communications

18. Hearsay Systems

19. Hinge

20. HiQ International AB

21. Hootsuite

22. Krush Technologies

23. LiveFyre / Adobe Systems

24. Mail.ru

25. MiggoChat

26. Monterosa Productions Limited

27. never.no AS

28. NIKE

29. Nimbuzz

30. NISSAN MOTOR CO / Airbiquity Inc.

31. Oracle

32. Panasonic

33. Playtika

34. Postano, TigerLogic Corporation

35. Raidcall

36. RealNetworks, Inc.

37. RegED / Stoneriver RegED

38. Reliance/Saavn

39. Rovi

40. Salesforce/Radian6

41. SeaChange International

42. Serotek Corp.

43. Shape Services

44. Smarsh

45. Snap

46. Social SafeGuard

47. Socialeyes LLC

48. SocialNewsdesk

49. Socialware / Proofpoint

50. SoundayMusic

51. Spotify

52. Spredfast

53. Sprinklr / Sprinklr Japan

54. Storyful Limited / News Corp

55. Tagboard

56. Telescope

57. Tradable Bits, TradableBits Media Inc.

58. UPS

59. Vidpresso

60. Vizrt Group AS

61. Wayin

Of the list above, Serotek received an eight-month extension.

Facebook points the finger at five other companies

Facebook also said it identified five other companies that tested beta versions of their apps that had the "theoretical" capability of harvesting a users' friends data. The list includes.

1. Activision / Bizarre Creations

2. Fun2Shoot

3. Golden Union Co.

4. IQ Zone / PicDial

5. PeekSocial

"We are not aware that any of this handful of companies used this access, and we have now revoked any technical capability they may have had to access any friends' data," Facebook said.

Facebook slowly closing all loopholes

In addition, Facebook also announced it was discontinuing 38 partnerships with companies that it authorized to build versions of Facebook or Facebook features for custom devices and products, and which may have also gained extensive access to user data.

Last week, a security researcher discovered another quiz app, similar to the one developed by Cambridge Analytica, which also gained access and later exposed the details of over 120 million Facebook users.

The app was named Nametests.com, associated with the eponymous website. Current evidence doesn't suggest the data collected by this second quiz app might have been used for political ads and influence campaigns such as the one collected by Cambridge Analytica.