- Chapo Trap House among leftist channels banned on Twitch for streaming Democratic debate 1 Year Ago
- Meet Ryker, the world’s worst service dog 1 Year Ago
- Far-right blogger claims Trump ordered arrest of Julian Assange Today 3:47 PM
- Reddit man wants to tell people he’s been with his girlfriend for one year instead of 6—for an incredibly dumb reason Today 2:18 PM
- John C. Reilly’s son Leo is a TikTok star Today 1:58 PM
- ‘Vanderpump Rules’ recap: A friendship sails Today 1:52 PM
- For celebs, Kobe Bryant tattoos are all the rage Today 1:01 PM
- The internet has discovered Jim and Pam Halpert’s daughter—and she’s on TikTok Today 12:32 PM
- YouPorn launches adult-themed TikTok knock-off Today 12:29 PM
- Clearview AI client list reportedly stolen Today 11:56 AM
- Billie Eilish’s brother Finneas walks back on tone-deaf advice to young creatives Today 11:26 AM
- ‘Caronavirus’ trends after Trump misspells coronavirus Today 11:20 AM
- Conservative writer claims rape victims, trans people are most privileged Today 10:45 AM
- Colin Trevorrow reveals the title of the 3rd ‘Jurassic World’ movie Today 10:28 AM
- You can pre-order Bloomberg’s ‘not a socialist’ hats now if you really want to Today 10:06 AM
Facebook revealed Friday that 6.8 million of its users were affected by a bug that exposed their private photos to third-party developers.
The bug, which was present between Sept.13-25, 2018, allowed certain apps designed to access users’ timeline photos to also grab other content, including private pictures they uploaded but never shared.
“For example, if someone uploads a photo to Facebook but doesn’t finish posting it—maybe because they’ve lost reception or walked into a meeting—we store a copy of that photo so the person has it when they come back to the app to complete their post,” Facebook engineering director Tomer Bar said in a blog post.
Facebook stated that other photos, “such as those shared on Marketplace or Facebook Stories,” were also inadvertently exposed.
According to TechCrunch, Facebook alerted the Office Of The Data Protection Commissioner (IDPC), the European Union’s (E.U.) privacy watchdog, on Nov. 22.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar added. “The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.”
Despite the E.U. requiring such companies to disclose major security incidents within 72 hours as part of General Data Protection Regulation (GDPR) rules, Facebook waited nearly one month after initially finding the bug on Sept. 25.
Facebook told TechCrunch that it needed time to investigate the matter before it could decide whether the issue warranted reporting to the IDPC.
The company also plans to begin releasing tools to developers next week that will “allow them to determine which people using their app might be impacted by this bug.”
“We will be working with those developers to delete the photos from impacted users,” Bar noted.
The incident comes as Facebook receives increased scrutiny over its data practices following numerous scandals and security issues.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.