Facebook's taking action against the developers which it says sold user information to data brokers.
The company plans to cut them off from its communications channels for six months, and will have their data practices independently audited to make sure they comply with its rules.
And the rules themselves are being tightened up.
"Our policy has always stated that data received from Facebook, including UIDs, cannot be shared with data brokers and ad networks," says platform engineer Mike Vernal.
"Moving forward, our policy will state that UIDs cannot leave your application or any of the infrastructure, code, and services you need to build and run your application. You can use services, such as Akamai, Amazon Web Services and analytics services as long as those services keep UIDs confidential to your application."
In order to make sure that developers can still share a unique identifier with content partners or advertisers, Facebook will add new functionality to the Graph API and FGL in the next day or two.
Facebook hasn't identified the developers that were breaking the rules, but says there were fewer than a dozen, none of whom were in the company's top ten.
The company's also struck a deal with a contrite Rapleaf, which had been harvesting user IDs and linking them to its own database, which it sold to third parties. Rapleaf has now agreed to delete all user IDs in its possession.