Facebook Might Have Leaked Your Private Photos

Facebook Might Have Leaked Your Private Photos

It’s been at least a few days since a new Facebook privacy scandal dropped, so we’re long overdue. According to a new posting tucked away on Facebook’s developer blog, the company introduced a bug into its photo API earlier this year that gave connected apps too much access to your pictures. Even if you never made a photo public, an app developer may have it.

We have seen a few social network API fails lately — most notable on Google’s now-doomed Google+ platform. However, those vulnerabilities just covered profile fields rather than your photos. The broken API is supposed to only grant access to photos shared to your timeline. Apps using the API from September 13 to September 25 could also see your photos from the Marketplace, Facebook Stories, and even photos you uploaded and chose not to share.

The API bug may have affected as many as 6.8 million users — anyone who connected around 1,500 different apps from 876 developers that accessed the photo API. Facebook offered a rather generic apology, saying, “We’re sorry this happened.”

Since this is the developer-oriented alert, Facebook discusses the next step in determining how much data leaked. Starting next week, it will roll out tools for developers to determine which of their users might have been affected and delete photos those apps may have incorrectly stored. That will give Facebook a better idea of how severe the leak was.

Facebook says it will notify users of the breach via an alert in their feed (see below). It will include information on the apps they’ve used that could have gotten private photos. At that point, they can check those apps to see if they contain photos that weren’t shared to the timeline.

Facebook Might Have Leaked Your Private Photos

The company claims to have notified Europe’s Office Of The Data Protection Commissioner (IDPC) of the breach as required by the wide-ranging GDPR rules implemented earlier this year. However, Facebook did not do so until Nov. 22nd. It discovered the breach on Sept. 25th, and the GDPR requires companies to notify the EU within 72 hours. Facebook says it didn’t know if the error would constitute a GDPR report until November, but that seems suspicious. The IDPC has started an inquiry that could result in a substantial fine for Facebook.

Facebook says the vulnerability is patched, so your private photos are again safe and sound. Further, the breach never impacted photos shared through Messenger or other Facebook services like Instagram and WhatsApp.

  • Facebook Used Its VPN to Spy on Other Companies, Users
  • No One Wants to Talk About How Completely We Were Lied to
  • Shockingly, No One Trusts Facebook’s Portal Smart Displays

Continue reading

Astronomers Might Finally Know the Source of Fast Radio Bursts
Astronomers Might Finally Know the Source of Fast Radio Bursts

A trio of new studies report on an FRB within our own galaxy. Because this one was so much closer than past signals, scientists were able to track it to a particular type of neutron star known as a magnetar.

Asteroid Bennu Might Be Hollow and Doomed to Crumble
Asteroid Bennu Might Be Hollow and Doomed to Crumble

A new analysis from the University of Colorado Boulder’s OSIRIS-REx team suggests the Bennu is much less stable than expected. In fact, it could completely go to pieces in the coming eons.

Jupiter’s Moon Europa Might Glow in the Dark
Jupiter’s Moon Europa Might Glow in the Dark

The intense radiation bombarding Europa might make it glow in the dark, and that could help scientists learn more about the moon's ice sheets and the ocean below.

Russia Might Issue Fines for Using SpaceX Starlink Internet Service
Russia Might Issue Fines for Using SpaceX Starlink Internet Service

You can get Starlink internet in a few places, but Russia doesn't want any of its citizens going through the SpaceX system as it expands. In fact, the country has floated the idea of fining people for using Starlink or other foreign satellite internet services.