New Facebook bug exposes photos of 6.8m users to third parties
A new Facebook bug gave third-party app developers access to private photos of up to 6.8m users from the period of 12 days earlier this year.
FACEBOOK-A
$168.90
22:00 31/03/20
The photos shared included pictures from people’s stories as well as photos that people uploaded but never posted, between 13 September and 25 September.
“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” the company said. “In this case, the bug potentially gave developers access to other photos”
Facebook apologised on Friday saying “we’re sorry this happened” and said it would provide tools for app developers to check whether they were impacted and will work to have the apps delete the private photos.
The company will also notify people that could have been affected.
A Facebook spokesperson says the bug was discovered and fixed on September 25th. Before announcing the problem the company said it would investigate which apps and people were affected.
The delay in the announcement could put Facebook at risk of GDPR fines of £20m or 4% of annual global revenue for not disclosing the issue within 72 hours.
However, Facebook claims it warned the Irish Data Protection Commission of the issue.