Skip to Content
Computing

Facebook’s new privacy blunder may have exposed your private photos

December 14, 2018

The social network says a bug allowed a huge number of third-party apps to access images that up to 6.8 million users had uploaded to Facebook but not yet posted.

The news: The bug exposed photos users had uploaded between September 13 and September 25 but had chosen not to publish. The company says up to 1,500 external apps may have had access to these images, but hasn’t yet named any of those apps.
 
How to tell if you are affected: Facebook says it will notify people potentially affected via an alert on its service, which will direct them to a help center where they can see if they’ve used any apps affected by the bug. It also says people should log in to apps they’ve previously shared photos with to check what images these have access to, and that it will work with developers to remove photos exposed by the bug.
 
How did this happen? Facebook is blaming a fault in software that lets it share photos with apps. Typically, the social network only hands over photos people post to their timelines. But the bug exposed ones that had been uploaded and not yet shared.
 
Questions, and more questions: This new privacy disaster raises plenty of them. Why did Facebook not take more care with software that shares data with external apps, given that this is exactly the kind of problem that sparked the Cambridge Analytica scandal earlier this year? Why did it take more than two months to alert users to the latest blunder? And how long will it be before this never-ending string of privacy catastrophes finally leads to a change in leadership at the company?

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

VR headsets can be hacked with an Inception-style attack

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.