15 Dec 2018
Bug leaks 70 lakh users' photos; Facebook says 'sorry'
Written byShiladitya Ray ·
Seems like data privacy and Facebook just don't see eye to eye.
In yet another instance of users' data getting leaked, Facebook has discovered a bug that exposed users' photos to app developers.
What's worse? It has affected close to a whopping seven million Facebook users.
Although Facebook claims to have fixed the bug, the damage has already been done.
Millions of users, 1,500 apps affected by the bug
In a blog post, Facebook announced that its international team had discovered a bug that might have affected people who "used Facebook Login and granted permission to third-party apps to access their photos".
The social media giant added that an estimated 6.8 million users had been affected, along with 1,500 apps developed by 876 developers.
Bug gave apps access to even un-posted photos
Generally, when a user grants third-party apps access to their Facebook photos, apps only get access to Facebook photos shared by the user on his/her timeline.
However, the bug gave app developers access to other photos, including photos shared on Facebook Stories or Marketplace.
Further, the bug also gave developers access to photos that were uploaded to Facebook but not posted.
How the bug affects uploaded, but un-posted photos
"The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn't finish posting it...we store a copy of that photo for three days so the person has it when they come back to the app to complete their post," explained Facebook.
Facebook says 'sorry', but that's about it
The blog post also conveyed that Facebook was "sorry" for the mishap, and would be taking corrective measures.
Early next week, the social media giant will release tools for app developers that will help them determine which users using their apps had been affected by the bug.
Facebook will then work with developers to delete photos from apps that gained unwarranted access.
Potentially affected users will apparently be notified
The social media giant has also said that it will notify users who could have been impacted by the bug.
Such users will be given a Help Center link that will allow them to see whether they have used any apps that were affected by the bug.
Further, Facebook has urged users to check what Facebook photos authorized third-party apps have access to.
Facebook took three months to announce the data leak
While the blog post was released on December 14, TechCrunch revealed that Facebook had detected and fixed the bug on September 25.
Interestingly, this delay in notifying people could subject Facebook to a hefty fine of £20mn, or 4% of annual global revenue under the European Union's General Data Protection Regulation (GDPR).
Reportedly, a statutory inquiry has been launched against Facebook too.
2018 has been a nightmarish year for Facebook
Facebook has already seen a tumultuous 2018, and this privacy failure will further lower public confidence in the company.
Following the Cambridge Analytica scandal, Facebook has been plagued by data leaks and breaches.
In September this year, 30 million users' data was compromised, including their names, numbers, emails, locations etc.
Then a series of bugs followed which, in minor ways, also impacted users' privacy.
Facebook losing control of security doesn't bode well
Interestingly, as TechCrunch again notes, Facebook discovered this bug on the same day it discovered the 30 million user data breach, but evidently hushed this up.
Maybe it was afraid of a bigger backlash from the public? Possibly, given Facebook's current track record.
Everything said and done, it seems like Facebook is fast losing control of its network's security, and that doesn't bode well.