Facebook’s latest leak exposed 6.8 million users’ private photos to developers

From spammers to the banning of more than 1.5 billion accounts within the span of 5 months, Facebook has seen it all this year. Facebook has announced that they recently discovered a breach in their systems that allowed apps to view photos of users which they weren’t supposed to see. The breach occurred on 13th September and was discovered and patched by Facebook on 25th September. The apps had access to our photos for more than 10 days.

The Photo API is supposed to allow access of photos of users which are visible on the timeline to an app which the user gives permission to. However, due to this breach, the apps had access to a much broader set of photos. Around 6.8 million users who had approved access to these apps and up to 1,500 apps built by 876 developers were affected by this bug.

It’s interesting to note that photos that may have not been posted to Facebook are also stored on their servers for 3 days. These include photos that you may have uploaded but haven’t posted them. These photos were also breached and were shared to the developers of the apps. Facebook’s statement on the matter is given below:

We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.

Users affected by the breach have been notified and will be redirected towards a support article to guide them further to secure their accounts. For now, Facebook recommends users check which apps have access to their photos which is a clear indication you should revoke access to them to prevent any future incidents like this.

Are you shocked by this breach of privacy?