Facebook admits bug allowed apps to see hidden photos

facebook

A Facebook bug let app developers see photos users had uploaded but never posted, the social network has disclosed. For two weeks in September, an error in the way Facebook shares photos with third parties meant that apps could see not only photos users had posted on their newsfeed, but also pictures in other parts of the site – on Facebook Stories or Facebook’s Marketplace, for instance.

The bug also “impacted photos that people uploaded to Facebook but chose not to post”, a Facebook developer, Tomer Bar, said in a statement on Friday. Importantly, the only applications that had access to the hidden photos were those to which users had already granted access to all their public photos, through the company’s API (application programming interface), Bar said. “Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.”

Users affected are those who had given permission to third-party apps to access their photos through the Facebook login function. There is no evidence that the bug led to any large-scale extraction of photos from the site. “We’re sorry this happened,” Bar added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”(theguardian)…[+]