Facebook recently reported that it has suffered a data breach that exposed 6.8 million users’ private photos to third-party application developers. The social networking giant announced that its internal team discovered a photo API bug that allowed third-party apps to access users’ photos for 12 days between September 13 to September 25, 2018. The company declared that it has fixed the issue, but some third-party apps may have had access to a wider set of photographs which were uploaded/shared on the Facebook Stories.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos,” Facebook said in a post.
Apologizing to the users, Facebook said that it’s introducing advanced tools to identify the applications affected by the bug. It also stated that it’s notifying the users who’re impacted by the bug via an alert on Facebook.
“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users,” the post added.
Facebook has already faced severe criticism over privacy issues this year. The company drew fire for not handling misinformation and election manipulation on the platform too well. In October this year, Facebook announced that its team has discovered a security breach that has affected nearly 50 million users globally.
The vulnerability existed in the basic ‘View As’ feature which was often used to show how the account looks like to the public. The vulnerability in the code and a combination of three bugs allowed the hackers to penetrate the accounts.