Facebook blames bug for exposing photos of 6.8 million users

Monday, 17 Dec, 2018

From September 13-25 of this year, developers had access to Facebook users' photos that they never had permission to see.

Facebook found a bug that gave 1,500 third-party apps access to the unposted Facebook photos of 6.8 million users.

The bug affected users who give third-party apps permission to access their photos. The bug meant that developers may have had access to photos that were not shared to user's timelines and instead were shared to Marketplace or to Stories.

"We store a copy of that photo so the person has it when they come back to the app to complete their post", he said.

According to Facebook, this bug affected up to 6.8 million of its users.

On Friday, Facebook disclosed a "bug" in its photos API-the platform for developers to create apps that tap into people's photos on the site. The bug was active for 12 days in September earlier this year.

The bug is the latest in a series of privacy lapses that continue to crop up, despite Facebook's repeated pledges to batten down its hatches and do a better job preventing unauthorized access to the pictures, thoughts and other personal information its users intend so share only with friends and family.

In September, the company said it discovered a security breach affecting about 50 million user accounts that could have allowed hackers to access the accounts.

In June, Facebook confirmed sharing data with at least four large Chinese tech companies, including cell phone maker Huawei, which U.S. intelligence agencies consider a national security threat. This time, the company said that a bug in one of its APIs exposed the private photos of almost 6.8 million users. The social network says it will deliver tools next week to give to app developers to find out if they have user photos they shouldn't, and then a way to delete them.

"With reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook's compliance" with the Europe's General Data Protection Regulation, said Graham Doyle, a spokesman at the Irish DPC, Facebook's main privacy regulator.

It seems that we can't even go a few weeks without some new story about a worrisome Facebook bug emerging.

The affected users soon may be notified and directed to a Facebook help center. And photos that weren't uploaded to Facebook shouldn't be affected, either.

How many people are impacted? But, the fine of a few million pounds may not feel like too much of a burden to a company that continues to remain a monopoly in the social networking space.