- Chaotic good, true neutral: The 2020 Democrat alignment chart Today 6:30 AM
- How to stream Mexico vs. Brazil live in the U-17 World Cup final Today 3:00 AM
- Influencer gets prison time for performing illegal cosmetic procedures on followers Saturday 5:13 PM
- Parent immediately regrets baby monitor after seeing ‘possessed’ baby Saturday 3:53 PM
- Buttigieg used Kenyan stock photo to promote plan for Black America Saturday 2:29 PM
- Disney+ is the best streaming service for families available today Saturday 1:43 PM
- Netflix to amend Nazi docuseries after being accused of rewriting history Saturday 1:09 PM
- Everything you need to know about TikTok Saturday 1:00 PM
- Screaming drummer girl steals hearts with passionate Nirvana cover Saturday 12:50 PM
- The Kardashians receiving backlash for food fight Instagram post Saturday 10:26 AM
- How to stream Artem Lobov vs. Jason Knight in BKFC Saturday 9:00 AM
- Lizzo sued by Postmates runner she accused of stealing her food Saturday 8:39 AM
- How to stream Jan Blachowicz vs. Ronaldo ‘Jacare’ Souza on UFC Fight Night Saturday 8:00 AM
- How to watch Georgia vs. Auburn live Saturday 6:30 AM
- How to stream Navy vs. Notre Dame live Saturday 3:30 AM
Facebook revealed Friday that 6.8 million of its users were affected by a bug that exposed their private photos to third-party developers.
The bug, which was present between Sept.13-25, 2018, allowed certain apps designed to access users’ timeline photos to also grab other content, including private pictures they uploaded but never shared.
“For example, if someone uploads a photo to Facebook but doesn’t finish posting it—maybe because they’ve lost reception or walked into a meeting—we store a copy of that photo so the person has it when they come back to the app to complete their post,” Facebook engineering director Tomer Bar said in a blog post.
Facebook stated that other photos, “such as those shared on Marketplace or Facebook Stories,” were also inadvertently exposed.
According to TechCrunch, Facebook alerted the Office Of The Data Protection Commissioner (IDPC), the European Union’s (E.U.) privacy watchdog, on Nov. 22.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar added. “The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.”
Despite the E.U. requiring such companies to disclose major security incidents within 72 hours as part of General Data Protection Regulation (GDPR) rules, Facebook waited nearly one month after initially finding the bug on Sept. 25.
Facebook told TechCrunch that it needed time to investigate the matter before it could decide whether the issue warranted reporting to the IDPC.
The company also plans to begin releasing tools to developers next week that will “allow them to determine which people using their app might be impacted by this bug.”
“We will be working with those developers to delete the photos from impacted users,” Bar noted.
The incident comes as Facebook receives increased scrutiny over its data practices following numerous scandals and security issues.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.