- Is Trump defiling the U.S. flag in this MAGA dude’s artwork? Sunday 4:41 PM
- White woman claims she invented sleep bonnets, selling them for $100 Sunday 4:03 PM
- Even real cats are transfixed by the enigma that is the ‘Cats’ trailer Sunday 3:04 PM
- Wait, how tall is Peppa Pig? Sunday 1:55 PM
- Twitter suspends Iranian state media outlets for harassing members of a religious minority Sunday 1:06 PM
- Pro-MAGA pageant queen stripped of title over ‘offensive’ tweets Sunday 11:52 AM
- Marvel unveiled its Phase 4 plans at San Diego Comic-Con Sunday 9:16 AM
- How a queer Instagram is helping fight the opioid epidemic in Appalachia Sunday 6:30 AM
- Philadelphia to fire 13 officers for racist, violent Facebook posts Saturday 6:12 PM
- Nick Offerman is so down to play every single role in ‘Cats’ Saturday 4:27 PM
- Woman documents how airport staff broke her wheelchair Saturday 3:04 PM
- Funeral home allegedly posted photos of woman’s dead body on social media Saturday 1:56 PM
- Alinity Divine is being investigated after throwing her cat during stream (updated) Saturday 12:04 PM
- ‘Comedians In Cars Getting Coffee’ returns with Seinfeld making a racist joke about China Saturday 10:26 AM
- YouTubers Eugenia Cooney and Shane Dawson make a joint comeback Saturday 9:06 AM
Sorrawit Saosiri/Shutterstock (Licensed)
Facebook revealed Friday that 6.8 million of its users were affected by a bug that exposed their private photos to third-party developers.
The bug, which was present between Sept.13-25, 2018, allowed certain apps designed to access users’ timeline photos to also grab other content, including private pictures they uploaded but never shared.
“For example, if someone uploads a photo to Facebook but doesn’t finish posting it—maybe because they’ve lost reception or walked into a meeting—we store a copy of that photo so the person has it when they come back to the app to complete their post,” Facebook engineering director Tomer Bar said in a blog post.
Facebook stated that other photos, “such as those shared on Marketplace or Facebook Stories,” were also inadvertently exposed.
According to TechCrunch, Facebook alerted the Office Of The Data Protection Commissioner (IDPC), the European Union’s (E.U.) privacy watchdog, on Nov. 22.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar added. “The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.”
Despite the E.U. requiring such companies to disclose major security incidents within 72 hours as part of General Data Protection Regulation (GDPR) rules, Facebook waited nearly one month after initially finding the bug on Sept. 25.
Facebook told TechCrunch that it needed time to investigate the matter before it could decide whether the issue warranted reporting to the IDPC.
The company also plans to begin releasing tools to developers next week that will “allow them to determine which people using their app might be impacted by this bug.”
“We will be working with those developers to delete the photos from impacted users,” Bar noted.
The incident comes as Facebook receives increased scrutiny over its data practices following numerous scandals and security issues.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.