New Facebook API Bug Gave Apps access to 6.8 Million People’s Photos

Another day, another apparent Facebook breach. Apparently, Facebook found a new API bug that gave 1,500 apps access to photos, even if they were private. What’s new in all of this? Well, the social media giant apparently sat on this information since September 25! Read on for the full story.

New Facebook API Bug Gave Apps access to 6.8 Million People's Photos
New Facebook API Bug Gave Apps access to 6.8 Million People’s Photos

Facebook’s Latest API Bug – The Full Story

On Friday, Facebook released a statement on its blog informing its users that a API bug has given 1,500 apps access to user photos, even the ones considered private.

“Out internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos. We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018.”

The API bug gave these apps access to photos that were private, shared on Facebook stories, Marketplace, and so on. Facebook also said that the bug “also impacted” photos uploaded to Facebook but not shared. Apparently, up to 6.8 million Facebook users were affected.

Shockingly, all Facebook had to say was “We’re sorry this happened.”

The GDPR – Facebook’s Latest API Bug Finally Bringing Retribution?

If you’ve been reading the news lately, you would have realized that Facebook overdid the data breaches this year. The interesting, and somewhat infuriating, thing is that most of these breaches occurred after the EU’s GDPR took into effect. Many people around the world have questioned why Facebook (and Google and the likes) have yet to be fined by the new data regulation law.

Well, FINALLY, this latest bug might have the straw that broke the camel’s back. Since Facebook’s EU headquarters is in Dublin, the Irish DPC launched an inquiry into Facebook’s compliance with the GDPR. In an email statement sent to ABC News, the Irish DPC’s head of communications, Graham Doyle, said:

“The Irish DPS has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25th, 2018. With reference to these data breaches, including the breach in question, we have this week commences a statutory inquiry examining Facebook’s compliance with the relevant provisions of the GDPR.”

The GDPR requires any company to inform the public of any data breach within 72 hours. In case a company fails to do so, the GDPR can fine it up to 4% of its yearly revenue. Despite Facebook’s failure to comply before, this time it looks like it might be serious.

Facebook’s Latest API Bug – Final Thoughts

I think it’s safe to say at this point that nobody should trust Facebook with their private information. In other words, if it doesn’t need to be online, don’t put it there. Despite the GDPR, it’s time for users to start being more proactive. Limit what you post you post online, think about who you’re giving permission to, and try to make more privacy-oriented decisions when it comes to your e-life. Hopefully, the GDPR will finally fine Facebook for this breach, showing everyone that no one is above the law. Who knows, that might be the push big tech companies need to start taking user data into consideration.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top