Facebook Inc. is headed into the weekend with another privacy blunder on its hands.
The social networking giant today disclosed that a security bug gave external applications overly broad access to as many as 6.8 million users’ photos. Normally, an application that is granted permission by a user to view their photos can only pull items from their Timeline. The flaw exposed photos in Facebook Stories and Marketplace as well as files that users had uploaded to the social network but didn’t share publicly.
Today’s disclosure comes about three months after the incident took place. According to Facebook, the flaw gave applications expanded access to images for 12 days in September.
The same month, the company disclosed that hackers had exploited a different security bug to steal personal information about tens of millions of users. Facebook initially said that 50 million members fell victim to the breach but later revised the number to 30 million. The compromised data included details such as names, phone numbers, birthdates and locations.
Although smaller in comparison, the disclosure that 6.8 million users’ photos were exposed still amounts to a major breach of privacy. It will also create headaches for the 876 authorized Facebook developers whose applications are believed to have accessed those photos. They’ll have to painstakingly find and purge potentially millions of images from their applications, if not more.
Facebook said that it will release tools to help developers remove inappropriately retrieved photos next week. The company will also notify affected users so that they can track down potentially exposed images on their own.
“The notification will direct them to a Help Center link where they’ll be able to see if they’ve used any apps that were affected by the bug,” the company wrote. “We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to.”
It’s notable that the security bug behind the incident affected one of Facebook’s application programming interfaces, much like the recently reported Google+ flaw responsible for exposing 52 million users’ information. That incident was preceded by a smaller Google+ privacy compromise that was likewise caused by an API issue.
In the case of Facebook, its recent security missteps represent only part of the reason why it’s suffering from diminished public trust. The company’s business practices are another source of criticism. Only yesterday, The Guardian published a scathing report that cited former and current Facebook fact-checkers as saying they were only hired for publicity reasons. Facebook has strongly pushed back against the accusations.