Private Photos Of 6.8 Million Users Were Accidentally Shared With 1,500 Apps

Karamchand Rameshwar


Facebook just disclosed a photo API bug that might affect more than 6.8 million users' photo even if they did not post those photos on their timelines.

Even if you did not post your photos to your Facebook account, hundreds of app developers could still have seen those photos due to a security flaw.

On Friday, Facebook just disclosed a security flaw which might affect around 6.8 million users on about 1,500 apps that connected to the social network platform, according to a statement of the company on Friday. This bug comes from when users give an app permission to access to their photos on the platform.

The photo API was supposed only to allow third-party apps to public users’ picture that they shared on their timelines, but instead, that bug actually gave those app developers complete access to users’ photo, even the ones that they already uploaded but kept hidden and never posted on their timelines

This photo bug actually existed for twelve days, from 13 to 25 September, as stated by the social media giant. The company stated that it would release a new tool in the following week for app developers to identify if their users were actually affected by that flaw. Facebook also said that they would notify millions of users exposed.

If you are concerned, you can go to your privacy settings and check if any app has access to your pictures.

This security flaw is another blunder of the company, as the tech giant has already had a tough time with a lot of challenges in privacy in 2018.

Facebook has to deal with a lot of controversies in the current year, including the Cambridge Analytica scandal, US election interference by foreign forces, and also a massive breach that affected over 29 million Facebook accounts.

This flaw happened three months ago was an issue with the API of Facebook as well, related to birthday videos on the platform. Facebook didn’t reply to requests for comment on this bug.