Facebook has disclosed another privacy leak: The company said a technical glitch in its photo-sharing system that may have exposed the private photos of as many as 6.8 million users.
The company said it has fixed the bug in the photo application programming interface (API) that is used to let some 1,500 apps from by 876 developers access Facebook users’ photos. The social giant said some third-party apps may have had access to a “broader set of photos than usual” for 12 days, between Sept. 13-25, 2018.
The disclosure comes after news earlier this year that info on up to 87 million Facebook users had been misappropriated by Cambridge Analytica, a data consultancy that was used by Donald Trump’s 2016 election campaign. That fiasco led to CEO Mark Zuckerberg testifying before congressional committees. And in August, Facebook said an app called myPersonality had improperly shared personal data from 4 million users with researchers and other third parties.
With the photo-sharing bug, Facebook said the only apps affected were those that Facebook approved to access the photos API. The glitch potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories, as well as pics people uploaded to Facebook but chose not to post.
Facebook said it will notify users who were potentially impacted by the bug via an alert on the service, direction them to a Help Center link to check if they’ve used any apps that were affected by the bug. In addition, the company is recommending users log into any apps with which they have shared their Facebook photos to check which photos they have access to.
“We’re sorry this happened,” Tomer Bar, engineering director at Facebook, wrote in a notice posted Friday to the company’s site for developers. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug.” He added that Facebook will work with those developers to delete the photos from affected users.