- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Today 3:27 PM
- QAnon believers link small-town arrest to deep state conspiracy without evidence Today 1:58 PM
- Instagram photos showing prison conditions spark massive protest Today 1:33 PM
- ‘Gay rat wedding’ headline sparks amazing new meme Today 1:03 PM
- ‘I read a gossip piece’ meme mocks Moby’s Instagram post Today 12:39 PM
- Rotten Tomatoes wants to see your ticket stub to leave a verified review Today 11:46 AM
- ‘Sonic the Hedgehog’ movie delayed to 2020 to fix his look Today 11:39 AM
- ‘Swamp Thing’ gets off to a promising start, but can it tell a convincing love story? Today 11:34 AM
- ‘Falling on deaf ears’: ‘Queer Eye’ star sparks conversation about ableist idioms Today 11:15 AM
- Parents are spending thousands on YouTube camps that teach kids how to be famous Today 10:43 AM
- In season 2 of ‘She’s Gotta Have It,’ Spike Lee remains unapologetically himself Today 10:36 AM
- Trump selling Pride shirts is a grotesque insult to the LGBTQ community Today 10:27 AM
- Logan Paul is being mocked for pulling out of slapping competition Today 9:57 AM
- 47 House Democrats sign criticized net neutrality working group letter Today 9:17 AM
- How ‘and I oop’ became the perfect reaction meme for shocking developments Today 8:47 AM
Sorrawit Saosiri/Shutterstock (Licensed)
Facebook revealed Friday that 6.8 million of its users were affected by a bug that exposed their private photos to third-party developers.
The bug, which was present between Sept.13-25, 2018, allowed certain apps designed to access users’ timeline photos to also grab other content, including private pictures they uploaded but never shared.
“For example, if someone uploads a photo to Facebook but doesn’t finish posting it—maybe because they’ve lost reception or walked into a meeting—we store a copy of that photo so the person has it when they come back to the app to complete their post,” Facebook engineering director Tomer Bar said in a blog post.
Facebook stated that other photos, “such as those shared on Marketplace or Facebook Stories,” were also inadvertently exposed.
According to TechCrunch, Facebook alerted the Office Of The Data Protection Commissioner (IDPC), the European Union’s (E.U.) privacy watchdog, on Nov. 22.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar added. “The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.”
Despite the E.U. requiring such companies to disclose major security incidents within 72 hours as part of General Data Protection Regulation (GDPR) rules, Facebook waited nearly one month after initially finding the bug on Sept. 25.
Facebook told TechCrunch that it needed time to investigate the matter before it could decide whether the issue warranted reporting to the IDPC.
The company also plans to begin releasing tools to developers next week that will “allow them to determine which people using their app might be impacted by this bug.”
“We will be working with those developers to delete the photos from impacted users,” Bar noted.
The incident comes as Facebook receives increased scrutiny over its data practices following numerous scandals and security issues.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.