Facebook has disclosed another security mess-up that affected millions of its users - something that has become a routine for the social networking giant. The company says a bug allowed third party developers to see photos of Facebook users who had uploaded certain images but hadn't chosen to actually post them. This "bug" affects nearly 6.8 million of Facebook users.
"Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos," the company writes. "When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories."
The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn't finish posting it - maybe because they've lost reception or walked into a meeting - we store a copy of that photo so the person has it when they come back to the app to complete their post. (emphasis is ours)
The company says it "currently" believes up to 6.8 million users and up to 1,500 apps built by 876 developers could be affected. "The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos," Facebook adds as if it could legitimize this extremely severe privacy breach.
The bug may have given developers access to your never-shared photos but why is Facebook storing these images in the first place?
The latest issue doesn't only raise concerns because Facebook continues to end up giving broader data access to developers but it also highlights yet again that the social networking giant will hoard as much data as possible, and most of the times without consumers' knowledge.
As shared in the above excerpt, the company is saying that the affected images are the ones that the user either decided not to share after uploading or lost reception during the process. The fact that the company even stores these photos is nothing short of a privacy invasion.
Facebook says that it discovered the bug on September 25 and that it was live for 12 days. However, the company once again chose not to disclose it since on the same day, another Facebook privacy disaster was reported that affected 30 million users. As TechCrunch reports, the company could face GDPR fines for failing to disclose it within 72 hours. But, the fine of a few million pounds may not feel like too much of a burden to a company that continues to remain a monopoly in the social networking space.
As for the delayed response itself, Facebook has simply apologized - yet again. The company said it will notify people who have been impacted via an alert.
In this storystream:
- How to Check If Your Account Data Was Stolen in Yet Another FB Hack
- FB Says Last Month’s Massive Security Hack Affected 30 Million Users (Location & Search History Also Stolen)
- UK Users to File a Class Action Lawsuit Over Cambridge Analytica Data Misuse Scandal
- FB Argues Why Users Should Continue Sharing Data – Confuses Data Portability with Unconsented Data Sharing
- Zuckerberg Bows Down to Advertisers, Bringing Back Data Brokers – Promises Transparency and Accountability