- Facebook has suffered yet another data breach with millions of users being affected.
- A bug in the service’s photo API gave app developers access to unposted photos.
- Apps were also able to pull timeline photos and receive Facebook stories from affected users.
Facebook’s worst year since its release continues with the social media company being hit with yet another data privacy scandal. A bug in the social media platform’s Photos API made photos of up to 6.8 million users visible to app developers between September 13th to September 25th.
Facebook apologized for the incident but did not offer details on when the bug was discovered. The social media company fixed the issue on September 25 and continued to investigate the extent of damage caused by the bug. The delay between the incident and the company reporting it could lead to more controversy with the GDPR, as Facebook missed the deadlines for reporting the data leak.
Facebook will release tools next week that will help developers check if they got access to the unposted photos and they will need to be deleted by the developers. Affected users will receive a notification on the website and the app and will be redirected to the Help Center to check if they have wrongful photo access.
It is surprising to note that Facebook stores photos you upload but do not post and moreover, the photos being sent out to third-party developers definitely taints the social media company’s image even further. This is not the first time the social media company has faced a privacy failure with a number of incidents stacking up over the past year.
Three major incidents have occurred this year including a status update bug in May, a Live video bug in October as well as user authentication tokens being stolen and more recently a bug that allowed websites access to “Likes” data without permission in November. There have been too many security incidents in the company, and it is unlikely an apology is going to help the current situation.