Notebookcheck

Facebook discloses info on "bug" that allowed apps access to 6.8 million users' non-posted photos

Facebook has admitted to yet another form of data breach. (Source: Picryl)
Facebook has admitted to yet another form of data breach. (Source: Picryl)
Facebook has informed its developers of "a photo API bug" that allowed third-party apps to access photos uploaded to the social media's servers, regardless of whether the user then chose to share these images on their timelines or not. The company has admitted that this new flaw had been in effect for eight days in September 2018 and may have affected as many as 6.8 million users who logged in on those dates.

Facebook has released a post to its 'for developers' blog in which it details a new bug that may have exposed the data associated with millions of unwitting users to third parties. These users are those who allow non-Facebook apps access to their photos. However, it seems that an "API bug" has allowed these apps to see all photos uploaded to the company's servers, and not just those added to timelines as intended.

Therefore, these third-party apps may have been able to access photos that users had uploaded to Facebook, but then decided not to share publicly. The apps may also have been able to reach photos posted to non-timeline areas of the social media site, such as Marketplace or Facebook Stories. The blog post, submitted today (December 14) by company representative Tomer Bar, contains estimates that as many as 1,500 apps developed by 876 separate parties may have had this level of access from September 13 through 25.

Bar also reported that this bug may have affected as many as 6.8 million users over this period. He also relayed the company's apologies for the lapse, and a commitment to the provision of support for developers who want to know how many of their apps' users were affected by it and to what extent. The users themselves will also be contacted in order to inform them of this situation via a Facebook Alert. They will be directed to a resource that will enable them to check whether or not apps that they have granted permissions to in the past have seen more photos than they should have.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
News and Editorial Editor - Details here

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 12 > Facebook discloses info on "bug" that allowed apps access to 6.8 million users' non-posted photos
Deirdre O Donnell, 2018-12-14 (Update: 2018-12-14)