Up to 6.8 million users' public and private photos on Facebook potentially exposed.


Facebook published a blog post on December 14, 2018 to notify its developer ecosystem of a photo API bug. The bug may have affected people who used Facebook Login and granted permission to third-party apps to access their photos.

Facebook has stated that they have fixed the issue, but some third-party apps may have had access to photos you had intended to be private. The bug was active from September 13 through September 25, 2018.

In the blog post, Facebook explained that it usually grants applications access only to photos that people share on their timeline. In the case of this bug, the permission granted potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.

Facebook reported that the bug also impacted photos that people uploaded to Facebook but chose not to post. Facebook stores copies of photos that are uploaded but not posted for three days, so that the person who uploaded them still has them when they come back to the app to complete their post at a later time.

Currently, Facebook believes that this bug may have affected up to 6.8 million users and up to 1,500 apps that were built by 876 developers. The only apps that were affected by the bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.

App developers will be receiving tools from Facebook early this week that will allow them to determine which people using their app might be impacted by this bug. Facebook stated that they will be working with those developers to delete the photos from impacted users.

Expect to receive notification from Facebook if you were potentially impacted by this bug. The notification will direct you to a Help Center link where you’ll be able to see if you’ve used any applications that were affected by this bug.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648