Facebook’s Photo API Bug Exposed Private Photos of 6.8 Million Users

Facebook Phtos breach

I’ve said this before, and I’ll say it again, 2018 has been a rough year when it comes to users’ privacy. It also started with Facebook’s Cambridge Analytica scandal earlier this year, in which personal data of millions of people were harvested without consent.

Now, it looks like we have come full circle to wrap up this year yet another data breach at Facebook. This time, we are talking about private photos from up to 6.8 million users. Yes, Facebook has announced that it accidentally exposed private photos of millions of users to third-party apps.

Facebook’s Photo API Bug Exposed Private Photos of 6.8 Million Users

What Happened?

In a blog post detailing the bug, the social network said that some third-party apps may have had access to “a broader set of photos than usual” for up to 12 days between September 13 to September 25, 2018. Facebook said it may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.

Here’s what Facebook said – “When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.”

Facebook said the bug had to do with an error related to Facebook Login and its photos API. The bug allowed developers to access Facebook photos within the app. It is also worth pointing out that this particular bug may have exposed even the photos that people decided to upload to the platform but chose not to post. So I am inclined to believe that those photos were private, which, you know, are meant to be kept that way.

What Can You Do Now?

Facebook says it’ll notify the people potentially impacted by this bug via an alert on Facebook. The notification will apparently direct you to a Help Center link where you’ll be able to see if you’ve used any of the apps that were affected by the bug.

Facebook’s Photo API Bug Exposed Private Photos of 6.8 Million Users
Facebook Breach Alert Notification

Even if you haven’t received a notification, you should log into any apps with which you’ve shared your Facebook photos. You might want to get rid of any/ all private photos. Other than that, there’s nothing else you can do at this point.

Honestly, at this point, I wonder if it’s really worth having a Facebook account. We’re talking about a company that has failed to preserve its users’ private information, not once, but two times in the same year. And the worst is, the problems, in both cases, haven’t been caused by a malicious third-party group. It’s Facebook’s own mistake, really.

comment Comments 0
Leave a Reply