It just hasn’t been a great year for Facebook. You would think the Cambridge Analytica debacle was enough for one calendar year, but since then accounts have been hacked and other data has been stolen.
Almost to the finish line of 2018, Facebook is now reporting some accounts might have been affected by an API bug earlier this year. And this kind of bug exposed private photos for millions of users.
Not a picture-perfect end to the year
Friday, Facebook said its internal team found a bug that affected users who previously granted photo access permission to third-party app developers. In essence, these developers had access to potentially private photos during a 12-day window from Sept. 13 to Sept. 25. Here’s how Facebook’s Tomer Bar explained the issue in a blog posted to Facebook for Developers:
“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo so the person has it when they come back to the app to complete their post.”
Facebook says the issue has since been fixed, but that it affected up to 6.8 million users and 1,500 apps built by nearly 900 developers. Yikes!
‘We’re sorry this happened’
Facebook plans to notify users impacted by this exposure. If you’re on the list, Facebook will notify you through your account with a link to its Help Center. There, you’ll be able to check if you’ve used any of the apps affected by the bug.
The social network says it’ll also be rolling out new tools for app developers early next week to help determine which specific app users were affected. Then, Facebook will work with those developers to delete photos from impacted users.
“We’re sorry this happened,” Bar said in the blog post. Read the blog in its entirety by clicking or tapping here
Finally, he recommends that Facebook users log into apps that were granted access to account photos and check what those apps actually have access to.