Another Facebook Bug Exposed Private Photos Of 6.8M Users

Facebook troubles and the resultant chaos have now become so frequent that it won’t be wrong to consider them a routine. The last issue happened when Facebook exposed 30 million user accounts to hackers due to three different bugs. Now, following the trend, Facebook has confessed to an API glitch affecting 6.8 million users. Allegedly, this Facebook bug exposed private photos of the affected users to third-party apps.

Facebook Bug Exposed Private Photos To Third-Party Apps

In developer news published on Friday, Facebook has confessed breaching users’ privacy due to a glitch. Reportedly, a Facebook bug exposed private photos of millions of users to third-party apps.

As explained, the glitch occurred in a Photo API that remained active for 12 days (between September 13 to September 25, 2018), exposing users’ private photos. The bug discovered by Facebook’s internal security team supposedly affected 6.8 million users. As confirmed by Facebook,

“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.”

According to the blog post, the bug only affected those apps that Facebook permitted to access Photos API and were also allowed by the users to access their photos. Facebook confirmed that it has now fixed the flaw. However, some developers might have accessed the exposed information during the bug’s active period.

In addition to the private photos, the flaw also exposed photos that the users’ hadn’t uploaded. As explained in the blog,

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post.”

This also includes those photos that the users failed to upload online due to connection errors or other problems. Facebook keeps a copy of such photos for three days – just in case the user decides to come back and repost it.

Investigations Underway

At the moment, Facebook hasn’t revealed any explicit details about the impact of the breach. Next week, it will roll-out tools for app developers to know the users of their apps affected by this bug. It also pledges to continue working to ensure developers delete any photos from the impacted users.

And yes, they did of course apologize.

“We’re sorry this happened.”

Facebook will alert the affected users over the coming days. They have also set up a dedicated help center link to provide further information and assistance.