Facebook has admitted yet another astonishing privacy breach, this time exposing the photos – including those that hadn’t been posted – of 6.8 million users to thousands of third-party apps.
The under-fire social network says a bug in its Photo API gave 1,500 apps access to those photos during a two-week period between September 13 and September 26 this year.
The company says the bug affected people who used Facebook Login and granted permission to third-party applications to access their photos. However, the bug gave these developers (some 876 in total) broader access than usual to the photographs.
The company explained that, when users grant third-party apps access to their photos, it usually only pertains to those already shared on a timeline. However, this bug offered access to photos posted on Facebook Stories or Marketplace. Not only that, they also had access to photos uploaded to the app, but not yet posted.
Related: How to delete your Facebook account
If you’re wondering how that’s possible, Facebook explains “we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.”
Now the company is back to the all-too-familiar process of notifying users who’ve been affected by the lack of reverence for their privacy. Again, it is notifying those users via an alert on Facebook.
“We’re sorry this happened,” Facebook’s engineering director Tomer Bar wrote in the blog post.
“Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.
“We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to.”
The issue has arisen at the end of an horrendous year for Facebook, not just in terms of protecting the data of its users, but in potentially undermining democracy and hastening the spread of fake news. The company is facing calls for greater regulation of its platform from governments around the world, while there are also calls for the company to be broken up.
Have you received a notification from Facebook informing you your photos had been compromised? Let us know @TrustedReviews on Twitter.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.