Latest in Gear

Image credit: PA Wire/PA Images

Facebook bug let apps access unposted photos for millions of users

Up to 6.8 million people and 1,500 apps were affected.
370 Shares
Share
Tweet
Share

Sponsored Links

PA Wire/PA Images

Facebook has disclosed yet another privacy flub. This time around, it says a bug in the Photo API led to third-party apps being able to access not only timeline photos (which users had permitted them to do), but Stories, Marketplace images and photos people uploaded to Facebook but never actually shared.

"For example, if someone uploads a photo to Facebook but doesn't finish posting it -- maybe because they've lost reception or walked into a meeting -- we store a copy of that photo so the person has it when they come back to the app to complete their post," Engineering Director Tomer Bar explained in a post.

The bug affected as many as 6.8 million people across up to 1,500 apps, Facebook says, and it was active for 12 days before it was detected and fixed on September 25th. Companies are supposed to disclose data breaches within 72 hours under EU General Data Protection Regulation rules, though Facebook told TechCrunch it needed some time to investigate the bug's impact and prepare a notice for affected users in various languages. Still, the delay could land Facebook in hot water with EU regulators.

Next week, Facebook will give developers tools to figure out if the bug affected their app/apps, and help them delete any images they aren't supposed to have. If you were impacted, you should receive a notification directing you to a Help Center article that will lay out the apps you use that the bug affected. Though Facebook is working with developers to destroy their copies of images they shouldn't have, it's probably worth logging into those apps to check which of your photos are there.

It's another privacy setback for Facebook at a time when it can barely afford the PR hit. The company is still trying to recover from the Cambridge Analytica scandal, for one thing, and just last week, some details emerged of Facebook's approach to handling user data. For instance, it granted some companies special access to people's personal information.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
370 Shares
Share
Tweet
Share

Popular on Engadget

A month on, Apple Arcade is too cheap to quit

A month on, Apple Arcade is too cheap to quit

View
The best iPhone screen protectors

The best iPhone screen protectors

View
IKEA begins selling its smart blinds in some US stores

IKEA begins selling its smart blinds in some US stores

View
Le Creuset's Star Wars cookware is available to pre-order

Le Creuset's Star Wars cookware is available to pre-order

View
Verizon and T-Mobile aren't supporting RCS on the Pixel 4 at launch

Verizon and T-Mobile aren't supporting RCS on the Pixel 4 at launch

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr