Latest Facebook bug allowed apps to access up to 6.8 million users’ private photos

2018
Photo: YouTube screengrab

First there was Cambridge Analytica, a third-party firm that was able to get its hands on the personal data of 87 million users without prior consent. Then hackers gained full access to the Facebook accounts of millions of users. Now the social media giant faces yet another security breach.

On Friday (Dec 14), Facebook announced in a blog post on its Developer News page that a bug had been found in the platform's Photo Application Program Interface (API) that granted third-party apps permission to access users’ photos. The bug went as far as accessing photos that were not uploaded to Facebook. By default, the app saves someone’s posts as drafts for three days in case the user wants to push through with posting the photo later on. Drafts, along with photos shared on Marketplace and Facebook Stories, were exposed by the bug.

Facebook's developers believe the bug affected up to 6.8 million users through 1,500 applications built by 876 developers. The apps through which the API bug exposed user photos were those that had been given permission via Facebook. Even though the issue has been resolved, the 12 days from September 13 to 25, 2018 were more than enough time for photos that were not meant to go public to be accessed.

Through the blog post, Facebook apologized for the incident. It also reassured the almost 2 billion users currently active on Facebook that by next week, the platform will be providing tools for app developers to track down which users were affected by the breach in privacy. From there, Facebook will be assisting the third-party app developers in deleting the leaked photos.

Facebook will be notifying those affected by the bug via an FB alert that will redirect the user to a Help Center link and from there pinpoint which apps were affected by the bug.

While the gravity of the recent events is not as severe as the first few, users were definitely shocked and unhappy at the capacity and capabilities Facebook has in accessing user data.

FB users Kevin W. Pierce, Stanley Davidson, and Jennifer Ashley were some of the many who were shocked at how photos that were meant to be private were accessed.

Others, like Pamela Bennett, understand that there is a relationship between the user and Facebook and that with it comes a sense of responsibility as to what is shared or not.

As for the penalties and fines this violation entails, the public can rest assured that there will be plenty. Aside from the concurrent federal investigations for the earlier privacy breaches, this most recent one has also broken the 2011 agreement Facebook signed with the Federal Trade Commission (FTC), which required the company to improve its privacy and security measures when it comes to data protection.

Furthermore, the social media giant will also be facing additional penalties for overstepping some of the provisions of the General Data Protection Regulation (GDPR), which was established by Europe in hopes of further tightening rules and policies on how companies handle information, to ensure EU citizens’ privacy and security.

The GDPR states that companies have to inform policymakers within 72 hours if a breach were to occur. Facebook, however, discovered the bug on September 22 but only notified regulators towards the end of November after an investigation was made.