Skip to main content

Latest Facebook bug exposed up to 6.8 million users’ private photos

Image used with permission by copyright holder

With the latest Facebook API bug, up to 6.8 million consumers on the social network had their private photos inappropriately exposed to third-party apps. Though the issue has since been fixed, some of the apps had access to photos for the 12 days between September 13 and September 25.

Users impacted had already authorized and granted special permissions to these apps to access content from their Timeline, but the bug led developers to access photos that were uploaded but never yet posted on the Marketplace or Facebook Stories. Though Facebook isn’t specifically giving names, it says up to 1,500 apps from 876 developers were affected. Facebook also notes it had approved photos API access for these apps, issuing an apology promising more change.

Mockup of the alert (Image via Facebook) Image used with permission by copyright holder

“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users,” said Tomer Bar, engineering director at Facebook.

Facebook will be alerting impacted consumers with a notification, which will then direct them to the Help Center where they can see if they’ve used any apps that were impacted by the bug. It also is recommended for consumers to individually log into apps to check and see if they’ve wrongfully obtained any photos permissions. A sample notification and interface of what consumers will end up seeing can be seen to the left.

It is not clear when Facebook first was made aware of this API bug. TechCrunch reports that Facebook discovered and fixed it on September 25, but took its time to investigate so it can warn impacted users. That report also makes it clear that photos shared through Facebook Messenger were not impacted.

This would not the first Facebook-related problem in recent months. Back in November, hackers were attempting to sell 120 million private Facebook messages, though that was related to third-party extensions. Before that, up to 50 million accounts were also compromised due to a flaw in access tokens and the “View As” feature. The social media website also apparently knew about Russia data harvesting on its platform since 2014, according to seized documents.

Editors' Recommendations

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Third-party devs improperly accessed some Facebook groups’ private data
facebook independent oversight board mark zuckerberg  viva tech start up

Facebook is yet again at the center of a user privacy mishap. In a blog post, its head of platform partnerships, Konstantinos Papamiltiadis, revealed that about 100 third-party app developers had improper access to personal data of several groups’ members despite the fact that the social network overhauled its APIs to prevent this exact behavior last year.

Before the alterations to the Groups system, Facebook allowed outside developers to extract information of a group’s members such as their profile pictures, names, and more. All they needed was a green light from the group's admin. However, in the wake of the Cambridge Analytica scandal, the company rolled out an update that restricted the third-party access to the group’s name, the number of users, and posts’ content, and made giving up their private data optional for members.

Read more
Threads, a more private Instagram, automatically updates your status for you
instagram threads launches newsroom 1

Instagram is taking the next step toward a more private social network with an app dedicated for sharing with only your closest friends. Launched on Thursday, October 3, Threads is an Instagram app that ignores everyone but the Close Friends list, updating them with automatic status updates based on your location.

The previously rumored Threads app uses the Close Friends list Instagram launched last year to automatically bring your favorite friends over into a more private app. Instagram is both a social network for friends and for following influencers and creatives -- Threads focuses on the people that are friends in the in-person sense of the word. That narrowed focus, parent company Facebook claims, creates a more private space for interaction.

Read more
I turned off Facebook’s ad trackers, and the ads only got more personalized
close up of someone deleting the Facebook app off their iPhone

After toggling off all seven of Facebook’s ad tracking and information settings, I resumed my News Feed scroll expecting to be regaled with ads for beef jerky and car insurance. Instead, I realized just how much Facebook knows about me and scrolled past ads that, instead of becoming less relevant, only felt more personalized.

Facebook knows that I’m pregnant. Facebook knows that I’m a photographer. Facebook even knows that I’m currently remodelling my bathroom.

Read more