DIY Photography

Your one stop shop for everything photo-video

Search

Submit A Story

Major Photos API bug on Facebook exposed 6.8 million users private photos

by Add Comment

Facebook has today disclosed a major bug that existed on the platform for 12 days between September 13th and September 25th, 2018. The bug has now been fixed, but it opened up access to the private photos of over 6.8 million users to apps through the photo API.

Facebook says on their Developers Blog that apps are normally given access to photos that people share on their timeline. In this instance, though, the bug offered potential access to other photos, including on the Marketplace and Facebook Stories. It also provided access to images that hadn’t been posted publicly at all yet.

Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.

– Facebook

Facebook plans to alert app developers who had access to the Facebook Photos API to determine which people using their app may be impacted. Facebook says that they “will be working with those developers to delete the photos of impacted users”. Given recent events, you’ll forgive me if I don’t take Facebook’s promise at face value.

They also say that they are sorry this happened and that they will be notifying those potentially impacted by the bug through an alert on Facebook. This notification will link them to a new page in the Facebook Help Center, which lists the apps they’ve used recently that were affected by the bug.

We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to.

– Facebook

I can’t say that I’m surprised that Facebook is having another moment in the spotlight for potential privacy issues. Whether through bugs, by design, or just plain old apathy, Facebook’s got a lot of prior form for privacy failure. I can’t imagine this will be the last such piece of news we receive from Facebook, either.

If you want to find out more, head on over to the Facebook Developers blog.

[via DPReview]

Related posts:

Twitter urges all users to change their passwords after major security bug A major Instagram security bug leaked users passwords as plain text Google disables “Photos” on Android TV after privacy bug exposes users Facebook now lets U.S. and Canada users to export photos and videos straight to Google Photos
John Aldred: from diyphotography.net

About John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Free Resources

Advanced lighting book

Recent Posts