Facebook bug leaked private photos from millions of users to app developers

A bug in Facebook has made private photos of millions of users available to hundreds of app developers for twelve days. The leak dates from September and has since been remedied. This reports the website Recode.net

Facebook has publicized the bug in the Photo API Friday evening in a blog post. According to the company, it may have affected 6.8 million users and covers 1500 apps from 876 developers. This mainly concerns people who use Facebook Login and who have granted third-party apps access to their photo library. In those circumstances, certain applications between 13 and 25 September could have access to ‘a larger amount of photos than usual’, according to Facebook’s statement.

“When a Facebook user gives an app access to his photos, he gets app usually only access the images that appear on his timeline. This bug allowed developers to view other photos, such as images on Marketplace or in Facebook Stories, “the statement continues. The same applies to photos uploaded but never actually shared, for example, because the connection at that time was too bad.

Facebook users who were the victim of the bug receive a notification with a link to the Help Center from the social network site. There they can easily request which apps may have had access to their snaps. For Facebook, it is the umpteenth privacy blunder of the end of the year. Earlier in 2018, the service went wrong with the accidental ‘unblocking’ of blocked contacts, there was a bug that adapted users’ sub-options unasked, and hackers gained access to the private data of more than fifty million users. In addition, Facebook was discredited in March by a data breach about Cambridge Analytica after the data of millions of Facebook users might have been manipulated for the Trump campaign in 2016.