Skip to main content

Latest Facebook bug exposed up to 6.8 million users’ private photos

Image used with permission by copyright holder

With the latest Facebook API bug, up to 6.8 million consumers on the social network had their private photos inappropriately exposed to third-party apps. Though the issue has since been fixed, some of the apps had access to photos for the 12 days between September 13 and September 25.

Recommended Videos

Users impacted had already authorized and granted special permissions to these apps to access content from their Timeline, but the bug led developers to access photos that were uploaded but never yet posted on the Marketplace or Facebook Stories. Though Facebook isn’t specifically giving names, it says up to 1,500 apps from 876 developers were affected. Facebook also notes it had approved photos API access for these apps, issuing an apology promising more change.

Mockup of the alert (Image via Facebook) Image used with permission by copyright holder

“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users,” said Tomer Bar, engineering director at Facebook.

Facebook will be alerting impacted consumers with a notification, which will then direct them to the Help Center where they can see if they’ve used any apps that were impacted by the bug. It also is recommended for consumers to individually log into apps to check and see if they’ve wrongfully obtained any photos permissions. A sample notification and interface of what consumers will end up seeing can be seen to the left.

It is not clear when Facebook first was made aware of this API bug. TechCrunch reports that Facebook discovered and fixed it on September 25, but took its time to investigate so it can warn impacted users. That report also makes it clear that photos shared through Facebook Messenger were not impacted.

This would not the first Facebook-related problem in recent months. Back in November, hackers were attempting to sell 120 million private Facebook messages, though that was related to third-party extensions. Before that, up to 50 million accounts were also compromised due to a flaw in access tokens and the “View As” feature. The social media website also apparently knew about Russia data harvesting on its platform since 2014, according to seized documents.

Arif Bacchus
Former Digital Trends Contributor
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
The Tesla bot isn’t superhuman yet, but it can make dinner
Tesla's Optimus robot stirring an oven pot.

A week ago we saw Tesla’s Optimus robot showing off some nifty dance moves. This week, you can watch it performing a bunch of mundane tasks, though admittedly with a great deal of skill -- for a humanoid robot.

Instructed via natural language prompts, the so-called “Tesla bot” is shown in a new video dumping trash in a bin, cleaning food off a table with a dustpan and brush, tearing off a sheet of paper towel, stirring a pot of food, and vacuuming the floor, among other tasks. 

Read more
Best of Computex 2025 awards: The tech that impressed us the most
Best of Computex 2025

Although Computex 2025 is still far from over, the biggest announcements have already been dropped, and this year's event turned out to be quite exciting. From graphics cards to laptops and monitors, there's plenty of options for a tech enthusiast to dig into, and some -- if not most -- of these new innovations are already available, or will be soon.

Out of all the thrilling new tech that companies such as AMD, Asus, Acer, and MSI announced, what impressed us the most? Below, you'll find the new releases that scored our Best of Computex 2025 award.

Read more
Google IO 2025 summary: 5 big announcements you’ll want to know
Google IO 2025 logo on the surface of the earth

Google IO 2025 delivered us a huge helping of AI during the almost two-hour opening keynote.

Google's CEO, Sundar Pichai, and colleagues got through an awful lot on stage, and while some of the talk was aimed primarily at developers, there were plenty of big announcements for us - the people on the street - to explore.

Read more