- ‘Egg Boy’ vows to send GoFundMe money to mosque shooting victims 3 Months Ago
- Noom is a weight loss program that prioritizes your mental health 3 Months Ago
- Shane Dawson once joked about ejaculating on his cat—and people are furious Today 8:54 AM
- Rep. Steve King posts Civil War fantasy meme—accidentally mocks own state Today 8:41 AM
- Gaming company Valve removed tributes to Christchurch shooter Today 8:39 AM
- The best new bands at SXSW 2019 Today 8:00 AM
- You can watch DC Universe’s acclaimed original shows for free Today 6:28 AM
- Ximena Sariñana talks capturing feminine energy on her latest album Today 6:00 AM
- The power of parasocial relationships in the age of loneliness Today 6:00 AM
- How to get started with WhatsApp on desktop Today 5:30 AM
- Netflix will remove controversial disaster footage from ‘Bird Box’ Sunday 4:04 PM
- J.K. Rowling’s latest ‘Fantastic Beasts’ reveal is bringing the memes Sunday 3:01 PM
- President Trump calls for government agencies to ‘look into’ ‘Saturday Night Live’ Sunday 12:18 PM
- How to stream Michael Conlan vs. Ruben Garcia Hernandez for free Sunday 11:00 AM
- ‘Pet Sematary’ is a bloodless remake of a Stephen King classic Sunday 10:50 AM
Sorrawit Saosiri/Shutterstock (Licensed)
Facebook revealed Friday that 6.8 million of its users were affected by a bug that exposed their private photos to third-party developers.
The bug, which was present between Sept.13-25, 2018, allowed certain apps designed to access users’ timeline photos to also grab other content, including private pictures they uploaded but never shared.
“For example, if someone uploads a photo to Facebook but doesn’t finish posting it—maybe because they’ve lost reception or walked into a meeting—we store a copy of that photo so the person has it when they come back to the app to complete their post,” Facebook engineering director Tomer Bar said in a blog post.
Facebook stated that other photos, “such as those shared on Marketplace or Facebook Stories,” were also inadvertently exposed.
According to TechCrunch, Facebook alerted the Office Of The Data Protection Commissioner (IDPC), the European Union’s (E.U.) privacy watchdog, on Nov. 22.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar added. “The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.”
Despite the E.U. requiring such companies to disclose major security incidents within 72 hours as part of General Data Protection Regulation (GDPR) rules, Facebook waited nearly one month after initially finding the bug on Sept. 25.
Facebook told TechCrunch that it needed time to investigate the matter before it could decide whether the issue warranted reporting to the IDPC.
The company also plans to begin releasing tools to developers next week that will “allow them to determine which people using their app might be impacted by this bug.”
“We will be working with those developers to delete the photos from impacted users,” Bar noted.
The incident comes as Facebook receives increased scrutiny over its data practices following numerous scandals and security issues.
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.