Before 2018 ends, Facebook is back again with another scandal. The company today announced the security breach or Facebook data leaked that is affecting almost 6.8 million users around the world. They have found a bug in one of the APIs that has exposed private photos of millions of customers. It has further given access to the third-party apps to the user photos on the available social network. These apps were allowed to see a limited set of user photos along with the photos that were never granted access to. This includes the photos that the people have uploaded but never posted it on the social media network. Facebook claimed that this new bug in API was present in its backend code starting from September 13 to September 25, 2018.
When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo so the person has it when they come back to the app to complete their post.
After this incident, this popular social networking website recommended its users to log in to the apps that they have given access to photos and check which images the app has gained access to. After the Cambridge Analytica Scandal along with another leak that is rumored to affect 29 million users, this new bug is latest in series to join the scandal list of Facebook.
Following the scandal, Tomer Bar, engineering director at Facebook wrote “We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users. We will also notify the people potentially impacted by this bug via an alert on Facebook. The notification will direct them to a Help Center link where they’ll be able to see if they’ve used any apps that were affected by the bug.”
So, now people are confused and want to know how this heck did happen? From the statement given the so-called bug was related to the Facebook login and allows people to sign into other apps using the Facebook account. This made the apps to get access to user photos that actually weren’t able to see practically. Facebook claimed that they have learned the existence of this breach on September 25 and by that time up to 1500 apps have already been able to get access to photos. Despite being the larger breach, it is quite unclear why Facebook took almost three months to come out clear of what happened.
According to the new EU privacy law, the companies need to disclose breaches within 72 hours. Facebook said that it needs to investigate the issue to determine if this bug will get into those regulations or not.
Currently, Facebook has already resolved this issue and said that it will be rolling out tools that can help determine which user may have impacted with this bug. Furthermore, they are even working on to delete photos that seem to have been accessed by the applications. And, all those unlucky ones whose photos might have been affected will also receive a notification.
Also, read about Facebook Portal and Portal Plus price, specs and release date.