Facebook Confirms API Bug Exposed Photos Of 6.8 Million Users
It is believed that 1,500 apps by 876 developers were impacted by the bug between September 13th and September 25th, 2018. The issue affected apps that are able to access the photo API and the users who authorized these apps. Facebook typically only allows apps to obtain photos that are posted on a user’s timeline. This bug was also able to access content from Facebook Stories, Facebook Marketplace, and photos that were uploaded but never posted. Facebook tends to store copies of photos so that users are able to post them later.
Facebook vows that “early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug.” They will also notify affected users through Facebook alerts. The company claims that they have fixed the bug and will work with developers to delete the photos.
Why has Facebook waited nearly three months to reveal the bug? The company contends that it has been investigating the issue and determining the best way to work with developers. It is unclear when users will be notified if their photos were shared and if they will be able to get specific details. For the time being, Facebook recommends that users log into their apps and check what kinds of photos their apps may be able to access.
Facebook has dealt with a number of bugs and privacy issues this past year. This past spring, Facebook found a bug that automatically made 14 million users' post public. The bug occurred as Facebook was working on a new share feature. In September, hackers were able to access tokens that could be used to take over accounts. Hackers were able to see private information such as phone numbers and email addresses. This breach affected 30 million users (originally believed to have been as many as 90 million) and led the social media site to turn off their “View As” feature. There was even a rumor last month that 81,000 private messages had been hacked and were up for sale.
The Irish Data Protection Commission recently launched a “statutory inquiry” of Facebook. The institution is responsible for protecting and enforcing individuals' rights to data privacy. They are particularly frustrated by the number of security breaches that have affected Facebook users. Let us hope that Facebook is able to better protect their users’ information in 2019.