Skip to Content
MIT Technology Review

Facebook’s new privacy blunder may have exposed your private photos

Category:

The social network says a bug allowed a huge number of third-party apps to access images that up to 6.8 million users had uploaded to Facebook but not yet posted.

The news: The bug exposed photos users had uploaded between September 13 and September 25 but had chosen not to publish. The company says up to 1,500 external apps may have had access to these images, but hasn’t yet named any of those apps.
 
How to tell if you are affected: Facebook says it will notify people potentially affected via an alert on its service, which will direct them to a help center where they can see if they’ve used any apps affected by the bug. It also says people should log in to apps they’ve previously shared photos with to check what images these have access to, and that it will work with developers to remove photos exposed by the bug.
 
How did this happen? Facebook is blaming a fault in software that lets it share photos with apps. Typically, the social network only hands over photos people post to their timelines. But the bug exposed ones that had been uploaded and not yet shared.
 
Questions, and more questions: This new privacy disaster raises plenty of them. Why did Facebook not take more care with software that shares data with external apps, given that this is exactly the kind of problem that sparked the Cambridge Analytica scandal earlier this year? Why did it take more than two months to alert users to the latest blunder? And how long will it be before this never-ending string of privacy catastrophes finally leads to a change in leadership at the company?