Facebook API bug may have exposed 6.8 million users' private photos

Facebook

Another week and yet another in a seemingly endless stream of Facebook privacy issues. The social networking giant has found itself apologizing, yet again, for leaking users' private data. This time around, an API bug meant that private photos of millions of users may have been exposed to app developers.

The bug was present for nearly two weeks and it went further than simply giving developers access to photos users had posted to their accounts -- it also exposed photos that had been uploaded but not actually posted.

See also:

Revealing the news in a statement, Facebook's Tomer Bar said that between September 13 and September 25, 2018 "some third-party apps may have had access to a broader set of photos than usual". A problem was found in a photo API that affected people who used Facebook Login and granted permission to third-party apps to access their photos.

Summing up what the bug means for users, Bar explains:

When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn't finish posting it -- maybe because they've lost reception or walked into a meeting - we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.

Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.

So Facebook once again apologizes and says it will notify users that may have been affected by the problem. An update is due to be pushed out in the next few days that will let developers determine which users of their apps may have been affected by the bug.

As a result of this latest privacy issue, the Irish Data Protection Commissioner (DPC) says that it will be investigating Facebook. The probe will examine Facebook's "compliance with the relevant provisions of the GDPR (General Data Protection Regulation)".

Image credit: Alberto Garcia Guillen / Shutterstock

2 Responses to Facebook API bug may have exposed 6.8 million users' private photos

Why Trust Us



At BetaNews.com, we don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

Regional iGaming Content

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.