Facebook Photo Bug exposes private images to third-party Apps

Facebook is in the news yet again! This time for how it handles private data of its users. A bug in the system API allowed third-party apps to access people’s private photos.

The incident in question occurred between September 13 and September 25, 2018. Usually, when users grant a permission to an app for accessing their photos on Facebook, only those photographs shared on their timeline are viewable to third-party apps.

Facebook Photo Bug Twitter
Credit, Twitter @Zackwhittaker

The September Facebook photo bug allowed the 3rd party apps to access private photos of users. Moreover, these apps had access to those images that people uploaded to their Facebook but chose not to post.

As many as 6.8 million users might have been affected by this photo API bug.

Facebook app permissions
Just a few months ago, the company admitted that as much as 50 million accounts were hacked. Even more, it appears that both security vulnerabilities occurred around the same time. However, Facebook didn’t acknowledge the photo bug only recently.

Facebook took to Developer News to apologize about the Photo API bug. The bug was subsequently fixed on September 25, after the company discovered about its existence.

Facebook Photo Bug Notification
Credit, Facebook Developer News

The company will alert users affected by the Facebook photo bug. People will be able to check whether they have used any of the apps in question.

If you see the Facebook Photo Bug notification, you are recommended to log into the mentioned apps and check to see if the apps have access to your photos.


Please enter your comment!
Please enter your name here