Facebook API bug might have exposed 6.8 million users’ private photos to developers


The Facebook API bug reported by the company may have exposed the private photos of at least 6.8 million users.

Social media and tech company security is fast becoming a national conversation, especially when tech companies continually drop the ball, as with this new Facebook API bug. The bug let third-party apps access photos beyond what the app had requested. Facebook says the bug impacted users between September 13 and September 25, 2018. The company has since fixed the issue but is only now revealing the news. Here’s a portion of Facebook’s explanation:

When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo so the person has it when they come back to the app to complete their post.

Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.

The company says users impacted by this Facebook API bug have been notified with an alert in Facebook. The notification will direct them to a Help Center link where they’ll be able to see if they’ve used any apps that were affected by the bug. An example of the notification can be seen below.

[Image: Facebook API bug]

What do you think of this Facebook API bug and potential photo breach? Did you get a notification? Were you impacted? Let us know in the comments below or on Google+, Twitter, or Facebook.

 Source: Facebook Blog
