Major Photos API bug on Facebook exposed 6.8 million users private photos

Dec 15, 2018

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Major Photos API bug on Facebook exposed 6.8 million users private photos

Dec 15, 2018

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Join the Discussion

Share on:

Facebook has today disclosed a major bug that existed on the platform for 12 days between September 13th and September 25th, 2018. The bug has now been fixed, but it opened up access to the private photos of over 6.8 million users to apps through the photo API.

Facebook says on their Developers Blog that apps are normally given access to photos that people share on their timeline. In this instance, though, the bug offered potential access to other photos, including on the Marketplace and Facebook Stories. It also provided access to images that hadn’t been posted publicly at all yet.

Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.

– Facebook

Facebook plans to alert app developers who had access to the Facebook Photos API to determine which people using their app may be impacted. Facebook says that they “will be working with those developers to delete the photos of impacted users”. Given recent events, you’ll forgive me if I don’t take Facebook’s promise at face value.

They also say that they are sorry this happened and that they will be notifying those potentially impacted by the bug through an alert on Facebook. This notification will link them to a new page in the Facebook Help Center, which lists the apps they’ve used recently that were affected by the bug.

We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to.

– Facebook

I can’t say that I’m surprised that Facebook is having another moment in the spotlight for potential privacy issues. Whether through bugs, by design, or just plain old apathy, Facebook’s got a lot of prior form for privacy failure. I can’t imagine this will be the last such piece of news we receive from Facebook, either.

If you want to find out more, head on over to the Facebook Developers blog.

[via DPReview]

Filed Under:

Tagged With:

Find this interesting? Share it with your friends!

John Aldred

John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter – and occasional beta tester – of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Join the Discussion

DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.

Leave a Reply

Your email address will not be published. Required fields are marked *