Skip to Content

Facebook’s new privacy blunder may have exposed your private photos

December 14, 2018

The social network says a bug allowed a huge number of third-party apps to access images that up to 6.8 million users had uploaded to Facebook but not yet posted.

The news: The bug exposed photos users had uploaded between September 13 and September 25 but had chosen not to publish. The company says up to 1,500 external apps may have had access to these images, but hasn’t yet named any of those apps.
How to tell if you are affected: Facebook says it will notify people potentially affected via an alert on its service, which will direct them to a help center where they can see if they’ve used any apps affected by the bug. It also says people should log in to apps they’ve previously shared photos with to check what images these have access to, and that it will work with developers to remove photos exposed by the bug.
How did this happen? Facebook is blaming a fault in software that lets it share photos with apps. Typically, the social network only hands over photos people post to their timelines. But the bug exposed ones that had been uploaded and not yet shared.
Questions, and more questions: This new privacy disaster raises plenty of them. Why did Facebook not take more care with software that shares data with external apps, given that this is exactly the kind of problem that sparked the Cambridge Analytica scandal earlier this year? Why did it take more than two months to alert users to the latest blunder? And how long will it be before this never-ending string of privacy catastrophes finally leads to a change in leadership at the company?

Deep Dive


A chip design that changes everything: 10 Breakthrough Technologies 2023

Computer chip designs are expensive and hard to license. That’s all about to change thanks to the popular open standard known as RISC-V.

Modern data architectures fuel innovation

More diverse data estates require a new strategy—and the infrastructure to support it.

Chinese chips will keep powering your everyday life

The war over advanced semiconductor technology continues, but China will likely take a more important role in manufacturing legacy chips for common devices.

The computer scientist who hunts for costly bugs in crypto code

Programming errors on the blockchain can mean $100 million lost in the blink of an eye. Ronghui Gu and his company CertiK are trying to help.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.