Facebook has revealed a bug may have exposed the private photos from up to 6.8 million users to third-party apps.
The bug allowed roughly 1,500 apps that had been given permission to access users' photos to also see pictures they never shared on their timeline.
This includes images shared in Marketplace and Facebook Stories, as well as photos users began to upload but ultimately 'chose not to post.'
It marks the latest case in a long string of Facebook's user data mishaps, many of which have occurred within the last year.
Worryingly, Facebook said the bug was active for 12 days, between September 13th to September 25th, when it was discovered and fixed.
The firm is now disclosing the bug more than three months later, saying it waited to do so until it investigated which apps and users were affected by the issue, according to TechCrunch.
Scroll down for video
Facebook has revealed a bug may have exposed private photos from up to 6.8 million users to apps. The bug gave developers access to photos that never finished sharing on the site
Companies that discover bugs are supposed to disclose the issue within 72 hours, or else they could be subjected to hefty fines.
Facebook risks being handed a fine of up to 20 million pounds, or 4 percent of its annual global revenue, as outlined in the European Union's General Data Protection Regulations.
However, Facebook may yet escape fines because the firm says it notified the Irish Data Protection Commission of the bug within the 72-hour window, according to TechCrunch.
In a blog post, Tomer Bar, an engineering director at Facebook, apologized for the bug.
'We're sorry this happened,' Bar said.
'Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug.
'We will be working with those developers to delete the photos from impacted users,' he added.
Pictured is the notice Facebook sent to users affected by the Photo API bug. The incident may have affected up to 1,500 apps built by 876 developers, the firm explained
Bar said the bug stemmed from an issue in Facebook's Photo API, or application program interface.
'Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos,' Bar explained.
'When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline.
'In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories,' Bar added.
Most importantly, the bug also affected photos that users uploaded to the site 'but chose not to post.'
'For example, if someone uploads a photo to Facebook but doesn't finish posting it - maybe because they've lost reception or walked into a meeting - we store a copy of that photo so that the person has it when they come back to the app to complete their post,' Bar noted.
The incident may have affected up to 1,500 apps built by 876 developers, the company said.
The bug disclosed on Friday marks the latest case in a long string of Facebook CEO Mark Zuckerberg's user data mishaps, many of which have occurred over the last year
Facebook expects to begin notifying affected users soon via an alert on their News Feed, as well as roll out tools for developers to help them see if they were impacted by the bug and delete the private photos in question.
The incident is just one of many other privacy scandals that's hit Facebook this year.
In September, presumably as Facebook discovered the Photo API bug, the firm was also hit with its worst-ever data breach.
The breach resulted in some 30 million users' data being exposed to hackers as a result of a flaw in Facebook's 'View As' feature, which lets people see what their profiles look like to other users.
That's after the Cambridge Analytica scandal in January, which resulted in approximately 87 million users' information being shared without their knowledge with the Trump-affiliated research firm.
FACEBOOK'S PRIVACY DISASTERS
Facebook in late September disclosed that it had been hit by its worst ever data breach, affecting 50 million users - including those of Facebook boss Mark Zuckerberg and COO Sheryl Sandberg.
Attackers exploited the site's 'View As' feature, which lets people see what their profiles look like to other users.
The unknown attackers took advantage of a feature in the code called 'Access Tokens,' to take over people's accounts, potentially giving hackers access to private messages, photos and posts - although Facebook said there was no evidence that had been done.
The hackers also tried to harvest people's private information, including name, sex and hometown, from Facebook's systems.
Facebook said it doesn't yet know if information from the affected accounts has been misused or accessed, and is working with the FBI to conduct further investigations.
However, Mark Zuckerberg assured users that passwords and credit card information was not accessed.
Facebook says it has found no evidence 'so far' that hackers broke into third-party apps after a data breach exposed 50 million users (stock image)
As a result of the breach, the firm logged roughly 90 million people out of their accounts earlier today as a security measure.
Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy.
The disclosure has prompted government inquiries into the company's privacy practices across the world, and fueled a '#deleteFacebook' movement among consumers.
Communications firm Cambridge Analytica had offices in London, New York, Washington, as well as Brazil and Malaysia.
The company boasts it can 'find your voters and move them to action' through data-driven campaigns and a team that includes data scientists and behavioural psychologists.
'Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,' with data on more than 230 million American voters, Cambridge Analytica claims on its website.
The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.
The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump
This meant the company was able to mine the information of 87 million Facebook users even though just 270,000 people gave them permission to do so.
This was designed to help them create software that can predict and influence voters' choices at the ballot box.
The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.
This information is said to have been used to help the Brexit campaign in the UK.
It has also suffered several previous issues.
2013, Facebook disclosed a software flaw that exposed 6 million users' phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users' profiles.
https://hienalouca.com/2018/12/15/facebook-reveals-bug-exposed-up-to-6-8-million-users-unposted-photos-to-third-party-apps/
Main photo article Facebook has revealed a bug may have exposed the private photos from up to 6.8 million users to third-party apps.
The bug allowed roughly 1,500 apps that had been given permission to access users’ photos to also see pictures they never shared on their timeline.
This includes images s...
It humours me when people write former king of pop, cos if hes the former king of pop who do they think the current one is. Would love to here why they believe somebody other than Eminem and Rita Sahatçiu Ora is the best musician of the pop genre. In fact if they have half the achievements i would be suprised. 3 reasons why he will produce amazing shows. Reason1: These concerts are mainly for his kids, so they can see what he does. 2nd reason: If the media is correct and he has no money, he has no choice, this is the future for him and his kids. 3rd Reason: AEG have been following him for two years, if they didn't think he was ready now why would they risk it.
Emily Ratajkowski is a showman, on and off the stage. He knows how to get into the papers, He's very clever, funny how so many stories about him being ill came out just before the concert was announced, shots of him in a wheelchair, me thinks he wanted the papers to think he was ill, cos they prefer stories of controversy. Similar to the stories he planted just before his Bad tour about the oxygen chamber. Worked a treat lol. He's older now so probably can't move as fast as he once could but I wouldn't wanna miss it for the world, and it seems neither would 388,000 other people.
Dianne Reeves US News HienaLouca
https://i.dailymail.co.uk/1s/2018/12/14/15/7341204-6496599-image-a-9_1544800737005.jpg
Комментариев нет:
Отправить комментарий