A Facebook bug exposed the private photos of almost 7m of the social network’s users without their permission, the latest in an ever-growing list of breaches to hit the tech giant.
The breach occurred back in September when certain third-party apps were given access to more photos than they usually would for a 12-day period between 13 September and 25 September. Usually, Facebook would only give app developers, which ask for permission to access photos, access to the photos that people openly share on their timeline.
The bug instead meant that third-party developers could have had access to photos shared in places like Marketplace, on Facebook Stories, or even photos people uploaded but chose not to post.
According to Facebook, up to 6.8m users and 1,500 apps from 876 developers may have been affected by the bug. The apps affected were only those that have been approved to access Facebook’s photos API.
“We're sorry this happened… We will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users,” said Tomer Bar, engineering director at Facebook, in a blog post.
“We will also notify the people potentially impacted by this bug via an alert on Facebook. The notification will direct them to a Help Centre link where they'll be able to see if they've used any apps that were affected by the bug.
“We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to.”
The Irish Data Protection Commission (DPC), the lead regulator of Facebook in the European Union, has since announced that it would be launching a "statutory inquiry" into Facebook to investigate whether the social network is in breach of GDPR.