Facebook's latest app data bug exposed the private photos of 6.8m users
Here we go again
The data privacy scandals just keep coming for Facebook: the social network has revealed a flaw in its code that could have exposed the private photos of up to 6.8 million users. The security hole has now been patched, but was open for 12 days.
According to Facebook, the bug worked like this: if affected users granted apps access to their timeline photos, those apps could then get at pictures they weren't supposed to be able to see, including images from Facebook Stories and Facebook Marketplace. Even worse, they could see images uploaded to Facebook and not yet posted.
That's right – Facebook keeps copies of pictures you upload to the app and then don't get around to posting... just in case you want to come back and finish off the post. These images are kept for three days before being removed, Facebook says.
Cleaning up the mess
Some 1,500 third-party apps were inadvertently granted a higher level of access than they really should have had. Facebook is notifying the developers of the apps in question, but to what extent they accessed or used photos they shouldn't have seen isn't clear.
"We're sorry this happened," writes Facebook's Tomer Bar. "Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users."
The bug was live in September before being fixed, and Facebook could be in trouble with EU regulators for waiting so long to report it. If you're one of the users that might have been affected, you should see an alert the next time you log in.
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you'll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as being many years editing the likes of PC Explorer and The Hardware Handbook.