Social networking giant Facebook has again admitted to a privacy breach that occurred on its platform. The company has said that private photos of up to 6.8 million users were exposed to apps that were not supposed to have access to them. The apps in question were authorized to see a limited number of photos from users’ profiles; however, a bug enabled them to see pictures to which they had not been granted access. These included pictures from people’s Facebook Stories and also photos that users uploaded but did not post. The only explanation for the latter being available is that Facebook may have saved a copy.
The breach happened between September 12 and September 25. According to TechCrunch, Facebook has said that it found out about the bug on September 25. However, there is no word on why the social media company was quiet about it till now.
Facebook has said that users whose photos may have been exposed will receive a notification from it about the breach. The company says that it will be working with developers to get all pictures that were not supposed to be accessed deleted. It has been reported that in total 1,500 apps from 876 different developers inappropriately gained access to the photos because of the bug that hit Facebook in September.
The company further said that an error related to Facebook login and its photos API led to the bug that affected the website and enabled developers to access photos via their own apps.
The impacted users are said to have logged into third-party apps via their Facebook accounts. In other words, the company means to say that the users themselves granted developers some degree of access to view their pictures.
Tomer Bar, engineering director at Facebook, has said that the company is sorry that this happened.
It is worth noting that Facebook has found itself in numerous data breaches in the last few months, and the biggest scandal of them all is the one that involved Cambridge Analytica. What’s worse, in many of these cases, the issues happened because of Facebook and not an external hacker.