Facebook bug exposed 6.8 million users’ private photos to app developers


It seems there is no full stop to the saga of misuse of users’ private data. On Friday, Facebook admitted that it had mistakenly exposed the private photos of millions of users to app developers without their permission.

According to reports, a bug in Facebook’s Photo API allowed third-party app developers to access the photos of 6.8 million users who may not have shared those photos publicly. This included not only photos that users had uploaded to their timelines but also ones they had uploaded elsewhere, such as Facebook Marketplace, and even ones they had uploaded to share but never made live after changing their minds.

According to Facebook, it discovered that users’ photos were exposed over 12 days, from September 13th to September 25th, 2018. After finding the bug, the company said, it has been investigating the issue to understand its impact and to ensure that it has contacted the right developers and the people affected by the bug.

According to media reports, the bug allowed about 1,500 apps that had been given permission to access users’ photos to also see pictures the users never shared on their timelines.

Facebook tells TechCrunch that it discovered the breach on September 25th and informed the European Union’s privacy watchdog, the Office Of The Data Protection Commissioner (IDPC), on November 22nd. The IDPC has begun a statutory inquiry into the breach.

According to Ankush Johar, Director at Infosec Ventures, humans are the weakest link in cyber security, and privacy is an urban legend today. This has been proven time after time. The security of a user’s data lies in their own control, and the only way to be secure is to be vigilant and suspicious by nature. Be your own HumanFirewall! Users are advised not to grant any permission to ‘silly’ Facebook apps that provide no utility, and to take corrective action immediately by retracting permission from needless apps. This can be done via the ‘security and privacy settings’ in the Facebook app or on the website.

In this specific instance, only those users may have been affected who gave access to third-party Facebook apps that had access to their photos. But as seen in past Facebook hacks, hackers are easily able to develop fake apps, for example “Quiz Apps” and “What Celebrity You Look Like Apps”, that appear to have genuine reasons to access photos, friend lists, etc., but in the background steal users’ information.
