Latest in Gear

Image credit:

Facebook bug let apps access unposted photos for millions of users

Up to 6.8 million people and 1,500 apps were affected.
Kris Holt, @krisholt
December 14, 2018
Share
Tweet
Share

Sponsored Links

PA Wire/PA Images

Facebook has disclosed yet another privacy flub. This time around, it says a bug in the Photo API led to third-party apps being able to access not only timeline photos (which users had permitted them to do), but Stories, Marketplace images and photos people uploaded to Facebook but never actually shared.

"For example, if someone uploads a photo to Facebook but doesn't finish posting it -- maybe because they've lost reception or walked into a meeting -- we store a copy of that photo so the person has it when they come back to the app to complete their post," Engineering Director Tomer Bar explained in a post.

The bug affected as many as 6.8 million people across up to 1,500 apps, Facebook says, and it was active for 12 days before it was detected and fixed on September 25th. Companies are supposed to disclose data breaches within 72 hours under EU General Data Protection Regulation rules, though Facebook told TechCrunch it needed some time to investigate the bug's impact and prepare a notice for affected users in various languages. Still, the delay could land Facebook in hot water with EU regulators.

Next week, Facebook will give developers tools to figure out if the bug affected their app/apps, and help them delete any images they aren't supposed to have. If you were impacted, you should receive a notification directing you to a Help Center article that will lay out the apps you use that the bug affected. Though Facebook is working with developers to destroy their copies of images they shouldn't have, it's probably worth logging into those apps to check which of your photos are there.

It's another privacy setback for Facebook at a time when it can barely afford the PR hit. The company is still trying to recover from the Cambridge Analytica scandal, for one thing, and just last week, some details emerged of Facebook's approach to handling user data. For instance, it granted some companies special access to people's personal information.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Jabra's ANC update for the Elite 75t earbuds is now available

Jabra's ANC update for the Elite 75t earbuds is now available

View
Quibi confirms it's shutting down

Quibi confirms it's shutting down

View
Apple pulls TV Remote app now that it's built into iOS

Apple pulls TV Remote app now that it's built into iOS

View
LG's rollable OLED TV goes on sale for $87,000

LG's rollable OLED TV goes on sale for $87,000

View
'Pokémon Go' gets AR Mapping tasks to enable more realistic effects

'Pokémon Go' gets AR Mapping tasks to enable more realistic effects

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr