A bug in Facebook made private photos of millions of users freely accessible to hundreds of app developers for 12 days. The leak dates from September and has since been fixed. This reports the website Recode.net.
Facebook announced the bug in the Photo API itself in a blog post on Friday evening. According to the company, it may have affected 6.8 million users and affects 1,500 apps from 876 developers. This mainly concerns people who use Facebook Login and who have granted third-party apps access to their photo library. Under those circumstances, between September 13 and 25, certain applications may have had access to “a larger amount of photos than usual,” the statement said.
“When a Facebook user grants an app access to their photos, that app usually only gets access to the images that appear on its timeline. However, this bug potentially allowed developers to view other photos, such as images on Marketplace or in Facebook Stories,” the statement continues. The same goes for photos that were uploaded but never actually shared, for example because the connection was too bad at the time.
Facebook users who have been affected by the bug will soon receive a notification with a link to the Help Center of the social networking site. There they can easily request which apps have had access to their snapshots. For Facebook it is the umpteenth privacy blunder of the past year. Earlier in 2018, the service went awry with accidentally “unblocking” blocked contacts, there was a bug that changed users’ sharing options unsolicited, and hackers gained access to the private data of more than 50 million users. In addition, a data breach scandal involving Cambridge Analytica brought Facebook discredit in March after millions of Facebook users’ data was found to be potentially manipulated for the Trump campaign in 2016.