Security Social Media Tech News

Facebook Bug Exposes Users’ Photos

Dave Parrack 15-12-2018

A Facebook bug has exposed the private photos of up to 6.8 million users. The bug means thousands of third-party apps had potential access to photos they didn’t have permission to view. The worst thing is the amount of time Facebook took to disclose the incident.


Facebook’s Very Bad Year

It’s fair to say Facebook hasn’t had a good 2018. There was the Cambridge Analytica scandal Why Facebook's Privacy Scandal Might Be Good for Us All Facebook's mask fell following the Cambridge Analytica scandal, but it's not all bad news. Here's why it's a good thing this scandal made headlines worldwide. Read More everyone should be familiar with by now. And over a backdrop of people deleting Facebook, the social network has had ongoing issues maintaining people’s trust.

The issues run deep, with Facebook battling the spread of fake news, advertising campaigns with the potential to influence elections, and a seemingly lax attitude to users’ data and privacy. And now we get the news that private photos were exposed to apps.

Facebook Discloses New Bug

Facebook disclosed the incident in a Facebook for Developers Blog post. The social network explains that this bug affected “people who used Facebook Login and granted permission to third-party apps to access their photos”.

Users sometimes give apps permission to access photos they share on their timeline. However, this bug meant that for 12 days developers could also access other photos shared on Facebook, and even photos people uploaded but then decided not to post.

The bug in question was live between September 13 and September 25, 2018. Facebook discovered and duly fixed the bug on the 25th. However, it has taken almost three months for Facebook to notify the developers affected and, by extension, the users affected.


Facebook is “sorry this happened,” and is rolling out tools to help developers “determine which people using their app might be impacted by this bug.” Those people will then be notified, and directed to a Help Center link explaining the issue in more detail.

Fingers Crossed for 2019

This tops off an annus horribilis for Facebook, and we really hope 2019 brings better fortune. Not for Facebook’s sake, but for the sake of its users. Otherwise Facebook et al might find that everyone collectively decides to quit social media altogether What Happens When You Quit Social Media? 6 Things I Learned If you're planning to quit social media, you might have questions about what comes next. Here's what you can expect. Read More .

Image Credit: Marco Verch/Flickr

Related topics: Data Security, Facebook, Photo Sharing.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Jack
    December 17, 2018 at 9:38 am

    Back in 2015 ish, any app that used the Facebook login feature that requested access to your photo's could save the URL of that photo and access it even after you blocked access to the app because Facebook shared the absolute URL.

    I only noticed it in 2018 where Facebook actually added an access code to the URL which could kill the developers access to the photo.

    So this article is about fixing something they never even had in the first place.

  2. Rupert Bodkins
    December 16, 2018 at 12:43 pm

    I have studied computers from Cobol, Assembly and machine language days and still actively troubleshoot PCs. whent eh first online Gui started, like everyone i thought this would be avery interesting new way of communication which it is. However-I also knew that almost anything could be hacked into for nefarious purposes-including cell signals, wi-fi etc. email and texts/voice are encrypted when sent and even that isn't totally bulletproof but for the normal consumer beats social media any day. I never posted anything on Facebook or any other social media that was not disguised as something else. I have stayed as anonymous as possible online-but Google is the other spaghetti strainer in the submarine. if you want to let the world know what size hat you wear, post it on any social media, and the world will now know. Most professionals I know will not or are not allowed by their hi-tech security firms to post anything on Facebook (if they are smart enough), and it has been this way before the dam burst. Was a nice idea for sharing accurate tech or other information (the web) but social media is so full of holes (just look at the number of Windows "security" patches for the last 15 years or so over 6 operating systems going back to Windows 95-hundreds, maybe thousands but I lost count) that is how hard hackers work to get anything they can use to steal your personal information.

  3. Danny
    December 16, 2018 at 4:15 am

    Time to get off Facebook - too many security breaches. All they do is apologize.

  4. Danny
    December 16, 2018 at 4:14 am

    It's time to get off Facebook. Too many security breaches. All they do is apologize.