It seems there is no full stop to Facebook saga of misuse of users private data. On Friday, the social media firm admitted that it had mistakenly exposed private photos of millions of users without their permission to app developers.
According to reports, a bug on Facebook Photo API allowed third-party app developers to access photos of 6.8 million users who may not have shared their photos publicly. This not only included the photos that the users have uploaded on their timelines but the ones they have uploaded elsewhere like the Facebook Marketplace or even the ones that they uploaded to share but not made live after changing their minds.
According to Facebook it discovered that users photos were exposed over a 12 days from from September 13th to September 25th in 2018. After finding out about the bug, the company said it has been investigating the issue to understand its impact to ensure that it has contacted the right developers and the people affected by this bug.
According to media reports, the bug allowed about 1,500 apps that had been given permission to access users’ photos also see pictures they never shared on their timeline.
Facebook tells TechCrunch that it discovered the breach on September 25th, and informed the European Union’s privacy watchdog the Office Of The Data Protection Commissioner (IDPC) on November 22nd. The IDPC has begun a statuatory inquiry into the breach.
According to Ankush Johar, Director at Infosec Ventures, humans are the weakest link in cyber security, and privacy is an urban legend today. This has been proven time after time. The security of a user’s data lies in their own control and the only way to be secure is to be vigilant and suspicious by nature. Be your own HumanFirewall! Users are suggested not to provide any permission to ‘silly’ Facebook Apps that provide no utility and immediately take corrective action by retracting permission from needless apps. This can be done via the ‘security and privacy settings’ on the Facebook App or Website.
In this specific instance, only those users may have been affected who gave access to third party facebook apps that had access to their photos, but as seen in past facebook hacks, hackers are easily able to develop fake apps like “Quiz Apps” and “What Celebrity You Look Like Apps” for example, that appear to need genuine reasons to access photos, friend lists etc but in the background they steal information of users.