
Facebook bug exposed 6.8 million users’ private photos to app developers


It seems there is no end to the Facebook saga of misuse of users’ private data. On Friday, the firm admitted that it had mistakenly exposed private photos of millions of users to app developers without their permission.

According to reports, a bug in Facebook’s Photo API allowed third-party app developers to access photos of 6.8 million users who may not have shared their photos publicly. This included not only photos that users had uploaded to their timelines but also ones uploaded elsewhere, such as Facebook Marketplace, and even photos they had uploaded to share but did not publish after changing their minds.

According to Facebook, users’ photos were exposed over 12 days, from September 13th to September 25th, 2018. After finding the bug, the company said it has been investigating the issue to understand its impact and to ensure that it has contacted the right developers and the people affected by this bug.


According to media reports, the bug allowed about 1,500 apps that had been given permission to access users’ photos to also see pictures the users never shared on their timelines.

Facebook tells TechCrunch that it discovered the breach on September 25th and informed the European Union’s watchdog, the Office of the Data Protection Commissioner (IDPC), on November 22nd. The IDPC has begun a statutory inquiry into the breach.

According to , Director at Infosec Ventures, humans are the weakest link in cyber security, and privacy is an urban legend today. This has been proven time after time. The security of a user’s data lies in their own control, and the only way to be secure is to be vigilant and suspicious by nature. Be your own HumanFirewall! Users are advised not to grant any permissions to ‘silly’ Facebook apps that provide no utility, and to take corrective action immediately by retracting permissions from needless apps. This can be done via the ‘security and privacy settings’ on the Facebook app or website.


In this specific instance, only users who gave access to third-party Facebook apps that had access to their photos may have been affected. But as seen in past Facebook hacks, hackers can easily develop fake apps, such as “Quiz Apps” and “What Celebrity You Look Like” apps, that appear to have genuine reasons to access photos, friend lists and so on, but in the background steal users’ information.

Tech Observer Desk
Tech Observer Desk at TechObserver.in is a team of technology reporters led by a senior editor who brings latest updates and developments from the world of technology.