Facebook says sorry for bug that exposed private photos
Tomer Bar, engineering director of Facebook, said in a blog post on Friday night that the company discovered a bug that allowed third-party app developers to access photos of its 6.8 million users.
“Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos,” Bar said.
“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug,” he added.
According to Bar, the bug may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.
“We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018,” he said.
Photos that users have uploaded to their respective social media accounts but did not finish posting could have been accessed by the third party apps, Bar said.
“We will be working with those developers to delete the photos from impacted users,” he added.
Bar said Facebook would notify affected users of the bug via an alert in their accounts.