Facebook bug gave third-party developers potential access to unposted photos of 6.8 million users

Photo by Glen Carrie on Unsplash

In a developer news blog post late evening on Friday Facebook revealed that they had found a photo API bug that may have affected people who used their Facebook login on a third-party app. The bug gave third-party apps access to photos that have been uploaded to Facebook but may not have been posted.

According to the blog post that includes “access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo so the person has it when they come back to the app to complete their post.” While these are just examples, at this time we have no idea as to what other kinds of photographs may have been compromised. Facebook believes users of 1500 applications built by 876 developers are affected.

Facebook has also issued an apology for the bug. “We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

Facebook has also promised to inform those potentially impacted by this incident via an alert on Facebook. The notification will direct them to a link which will let them know if they have used any of the applications affected by the bug. Facebook has also asked users to log into their third-party apps and check what photographs they have access to.