Skip to main content

Facebook Flaw Exposed Photos Belonging To Millions Of Users 

By January 3, 2019June 2nd, 2022Technology News

Recently Facebook fessed up to a bug in their photo API that exposed the photos belonging to nearly seven million of the company’s users to app developers.

The way the photo API is supposed to work is as follows:  When you give an app permission to access your Facebook photos, that app is only supposed to gain access to the ones you’ve posted on your timeline.

The photos you’ve uploaded but have not shared are supposed to be strictly off limits.

Unfortunately, that’s not the case at all.  According to a statement released by the company, some fifteen hundred apps controlled by 876 developers had access to every photo that users of those apps had uploaded to Facebook, whether they were a part of that user’s timeline or not.

The company reports that the bug has now been fixed, but that app developers had access to all photos between September 13th and September 25th of 2018.

The obvious question is, if the company knew about the issue back in September, and they’ve already fixed it, why is it that we’re only hearing about it now?

The company’s explanation is both thin and weak. A Facebook spokesman simply stated that it took time to investigate the matter, including finding out which apps and users were impacted by the bug, and then to build the warnings (including translations into multiple languages) to warn the potentially impacted users.

Be that as it may, the standard protocol for such incidents has been immediate notification, followed by ongoing investigation, and sending out official notices to impacted parties.

Facebook issued a standard, terse apology, but has not offered any additional explanation as to why the disclosure was such a long time coming.  It’s unlikely that we’ll get an explanation beyond the one already given, unsatisfying or not.

This is but the latest in a long stream of similar “incidents” the company has reported on in recent months.  One wonders how many more terse apologies we’ll be seeing in the months ahead.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.