A Facebook software flaw may have exposed the photos of 6.8 million users to a much wider audience than intended, the social network confirmed Friday.
“Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos,” said Facebook’s Tomer Bar, in a blog post.
“We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018.”
Bar said the bug may have affected up to 1,500 apps built by 876 developers.
“We’re sorry this happened,” he added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
News of the embarrassing software flaw comes just a day after Facebook opened a pop-up kiosk in Midtown Manhattan to teach users about privacy.
It’s not yet known whether anyone actually saw the photos, but the revelation of the now-fixed problem served as another reminder of just how much data Facebook has on its 2.27 billion users, as well as how frequently these slip-ups are recurring.
Bryan Becker, an application security researcher at WhiteHat Security, said that Facebook should look at its internal procedures for handling code. “If we take Facebook at their word that the exposure only ran for 12 days, I think it’s best to assume this was caused by a bug in a code update (rather than, say, a poorly thought out security policy),” he said, in a statement emailed to Fox News.
“Preventing bugs like this from making it to production takes an organized effort across the team. Secure code review, automated testing, and auditing are all needed to help defend against insecure code pushes.”
The bug is the latest in a series of privacy lapses that continue to crop up, despite Facebook’s repeated pledges to batten down its hatches and do a better job preventing unauthorized access to the pictures, thoughts and other personal information its users intend to share only with friends and family.
Facebook and its leadership are coming under intense scrutiny at the moment amid ongoing concern about the tech giant’s handling of user data.