Author Topic: Facebook Photo API Bug Exposed Pics of Up to 6.8 Million Users  (Read 185 times)

Online javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35124
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Facebook Photo API Bug Exposed Pics of Up to 6.8 Million Users
« on: December 16, 2018, 07:44:33 PM »
Facebook announced that a bug in its application programming interface for photos may have allowed third-party unauthorized access to images on 6.8 million accounts.

Apps that receive user-permission to access photos are typically restricted to the content published on the Timeline. However, for a period of about two weeks between September 13 and September 25, an error in the code update for the Photo API extended this permission to other sections of the profile, such as Marketplace or Facebook Stories; furthermore, the pictures that the user did not publish were also exposed.

"For example, if someone uploads a photo to Facebook but doesn't finish posting it - maybe because they've lost reception or walked into a meeting - we store a copy of that photo so the person has it when they come back to the app to complete their post," Facebook explains in its notification.

Image content shared through Messenger conversations was not impacted.

1,500 apps affected by the bug

Facebook found the issue internally and has already fixed it. The company estimates that the issue affects up to 6.8 million users and that 1,500 apps from 876 developers could have accessed the image content without consent. It is important to note that the apps had Facebook's approval to access Photos API and the authorization from the user to reach their photos.

It is suspected that the number of people affected will ultimately be smaller, but it is too soon into Facebook's investigation to know for sure at this point.

For the time being, Facebook cannot determine precisely which of the involved apps made calls to the API in that timeframe. This is the reason why the company decided to publish an alert to all users that used one of the 1,500 apps about the potential impact on their privacy.

Another step Facebook is taking to minimize the impact on users is to contact the app developers and ask them to check for pictures that should not have been accessed and to delete the content.

People potentially impacted by the error will also receive a notification on Facebook, sending them to a Help Center page, that checks if their account has been impacted by the error in Photo API and the apps that may have had access to pictures outside the regular restrictions.



source
« Last Edit: December 16, 2018, 07:47:29 PM by javajolt »