In what seems like a continuation in a never-ending slew of data privacy issues for Facebook, the company announced today that a photo API bug accidentally exposed users’ unposted photos to more than 1,500 third-party developers without permission.
“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.” Facebook developers said in a statement. “The bug also impacted photos that people uploaded to Facebook but chose not to post.”
For example, in the 12 days from Sept. 13-25, if one of the 6.8 million affected users began to upload a photo to Facebook and were interrupted or decided against posting, the third-party developers would have access to that photo.
Facebook says the bug has been patched as of now, but Facebook issued an apology to its users and is attempting to solve the effects of the bug with some tools that will help app developers identify if they have any of the private user photos, so they can be deleted promptly.
How do you find out if your personal photos have been compromised? Facebook promises to notify potentially impacted users and direct them to a help center link where they can find out if any of the apps they use are the apps in question.
Facebook developers also recommend for people to review apps with which they have uploaded Facebook photos to make sure they don’t have access to photos without permission.
The massive company has received a great deal of public backlash, especially since CEO Mark Zuckerberg told Congress earlier this year that Facebook has “responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”
The recent breach along with other recent Facebook privacy malpractices such as the recent Cambridge Analytica scandal have only increased the amount of distrust for the social media platform and others like it.