Facebook Says Bug Affecting 6.8M Exposed Users' Unposted Photos

facebook bug exposes photos of 6.8m users to third party apps

Facebook announced in a blog post today that a photo api bug discovered in September gave app developers too much access to photos of 6.8 million users, including photos users never finished sharing to the site. 

According to the blog post posted to Facebook's developer's blog, a bug allowed apps that users had approved to pull timeline photos, to also access users' Facebook Stories, Marketplace photos, as well as photos people uploaded to Facebook's server, but never actually posted. 

"When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories," Facebook wrote in a blog post explaining the flaw. 

"The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn't finish posting it - maybe because they've lost reception or walked into a meeting - we store a copy of that photo so the person has it when they come back to the app to complete their post."

Facebook says the bug ran for 12 days between September 13th and Sept. 25th and that an investigation by the company revealed that "6.8 million users and up to 1,500 apps built by 876 developers" were affected by the bug. 

"The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos," Facebook wrote. 

The bug is the latest in a series of privacy scandals and problems experienced by the company. Facebook previously disclosed another security breach in September that allowed hackers to access up to 50 million accounts.

Facebook said they would alert those users who may have been affected by the breached with a notice on their site that will show them how to check and see if apps they used were affected. 

"We're sorry this happened," Facebook wrote on its developer's blog. "Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug."

Photo: Getty Images


Sponsored Content

Sponsored Content