Photos Of 6.8 Million Users Exposed By Latest Facebook Bug

Facebook is closing out a troubling year with even more bad news. On December 14, the company revealed that a software bug had exposed the photos of millions of users to outside developers. This latest privacy misstep reportedly involves up to 1500 apps by 876 developers and may have affected as many as 6.8 million users.

For an app to be affected by the bug, it had to have been approved by Facebook to access the photos API as well as authorized by users to access their photos. A spokeswoman declined to provide The Guardian with a list of developers who had access to the photos, saying only that Facebook does not think all of them took advantage of that access while it was available.

Tomer Bar, an engineering director at Facebook, explained the details of the bug in a post on the company’s developer blog.

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” Bar explained. “In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post.”

This larger pool of photos may have been available to third-party apps for 12 days in September before the bug was detected and fixed. Under EU General Data Protection Regulation rules, companies are required to disclose data breaches within 72 hours. Facebook waited until November 22 to report the issue to the Irish Data Protection Commission (IDPC) and three weeks to notify the public, a timeline that could put Facebook in hot water with EU regulators.

Facebook defended the delay to TechCrunch, citing a need for time to investigate which apps and users were involved, but the IDPC has opened an inquiry into the security breach. If regulators determine the company failed to take appropriate action, Facebook could receive a fine equal to four percent of the company’s annual revenue.

The social network has begun notifying users potentially impacted by the bug via an alert on Facebook. To find out if you are among them, visit this page while logged into your account. You will see instructions for how to proceed if your account was impacted. Facebook also plans to roll out tools for app developers that will allow them to determine which users of their app may have been affected, and will work with those developers to delete the photos from impacted users.