Facebook has today disclosed a major bug that existed on the platform for 12 days between September 13th and September 25th, 2018. The bug has now been fixed, but it opened up access to the private photos of over 6.8 million users to apps through the photo API.
Facebook says on their Developers Blog that apps are normally given access to photos that people share on their timeline. In this instance, though, the bug offered potential access to other photos, including on the Marketplace and Facebook Stories. It also provided access to images that hadn’t been posted publicly at all yet.
Facebook plans to alert app developers who had access to the Facebook Photos API to determine which people using their app may be impacted. Facebook says that they “will be working with those developers to delete the photos of impacted users”. Given recent events, you’ll forgive me if I don’t take Facebook’s promise at face value. – Facebook They also say that they are sorry this happened and that they will be notifying those potentially impacted by the bug through an alert on Facebook. This notification will link them to a new page in the Facebook Help Center, which lists the apps they’ve used recently that were affected by the bug. I can’t say that I’m surprised that Facebook is having another moment in the spotlight for potential privacy issues. Whether through bugs, by design, or just plain old apathy, Facebook’s got a lot of prior form for privacy failure. I can’t imagine this will be the last such piece of news we receive from Facebook, either. – Facebook If you want to find out more, head on over to the Facebook Developers blog. [via DPReview]
