Facebook Has Another Slip Up, Exposes Millions of Private Photos to Third-Party Devs

A newly discovered Facebook bug has exposed private photos of nearly 6.8 million users. From September 12th to September 25th, the bug caused some third-party apps to gain access to several private user photos. Today, Facebook announced that they have fixed the bug and detailed the event in a blog post.

“We believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” explains the company. “The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.”

Bug

As long as the user permits it, Facebook allows third-party apps to access their timeline photos. As a result of the bug, third-party apps were able to access non-public photos without permission. Facebook says that developers were able to access other photos, such as those shared on Marketplace or Facebook Stories. Photos uploaded to Facebook that weren’t posted are stored on the site, and as such, they were also impacted.

Facebook is apologizing and is taking steps to alleviate the damages by urging users to delete affected photos.

“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

If you see an alert on your Facebook profile, it means that you might be one of the impacted users, and should follow Facebook’s instructions to delete the affected photos. The developers have also recommended all users to double check which apps have access to their photos.

Over the past few months, there has been a significant rise in data breaches, and Facebook has been in the spotlight more than once.