Facebook admits users' hidden photos were exposed to other apps

Facebook admitted today that a system bug had left users’ hidden photos visible to other apps.

The error in the way Facebook shares photos with third parties meant that apps could see not only photos users had posted on their newsfeed, but also pictures in other parts of the site – on Facebook Stories or Facebook’s Marketplace, for instance.

Users affected are those who had given permission to third-party apps to access their photos through the Facebook login function.

The bug “impacted photos that people uploaded to Facebook but chose not to post”, a Facebook developer, Tomer Bar, said in a written statement released on Friday.

“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar added. “We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual.”

This is the second data breach at Facebook in the last three months. In September some 30 million accounts were affected by a data breach in which hackers accessed personal information including name, relationship status, search activity and recent location check-ins

“We’re sorry this happened,” Bar said of the latest error. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

The full statement can be viewed at : https://developers.facebook.com/blog/post/2018/12/14/notifying-our-developer-ecosystem-about-a-photo-api-bug/

(Image courtesy Noah Berger/AP)