Facebook bug leaks your private photos to apps
Facebook has revealed a bug in its app development platform that let apps access the private pictures of users. An estimated 6.8 million users were affected in total.
Apps are expected to only have access to images posted on a user’s timeline, however a bug let the apps see any images linked to the account. This includes images on Facebook Stories and Facebook Marketplace, as well as those uploaded but not published. Facebook stores the latter for three days before they are deleted, in case the user decides to publish them.
Users are required to give permission for apps to view photos, and only users who gave picture permissions had their images leaked to the apps.
Photos shared on Facebook’s other platforms, including WhatsApp, Instagram, and Facebook Messenger, were unaffected by the bug. While this means the images inadvertently shared were ones that were intended for public viewing anyway, it’s always nice to know exactly who can see what with regards to personal data, and Facebook apps aren’t exactly trustworthy.
READ NEXT: Facebook knows a startling amount about you
Facebook is currently working on a tool for developers, so app developers can detect which of their users inadvertently shared these pictures. The tool is to be released next week, although it’s curious it’s being released to the developers, rather than the people whose pictures may have been leaked.
In a blog post, Facebook claims the bug was in effect from 13 to 25 September – not a negligible amount of time. That Facebook took so long to report the bug could see the firm at the receiving end of a GDPR fine, with leaks and hacks supposed to be reported within a day of discovery.
This latest bug should come as no surprise to anyone who follows Facebook news in any way. When it isn’t selling data to Cambridge Analytica or various targeted advertisers, it’s the subject of 50-million-account data breaches, Russian data hacks, and GDPR data infringements. It’s proven to be about as safe for data as abandoned cottages are for characters in horror films, and this latest case shows it still hasn’t made any progress in changing that.