Facebook just revealed that a Photo API has given access to the photos of 6.8 million users, which the users uploaded on Facebook but never shared on their timeline or anywhere on Facebook. Facebook says that the bug ran for 12 days from September 13th to September 25th.
Facebook told that they found the bug on September 25th and informed EU’s Office Of The Data Protection Commissioner (IDPC) on November 22nd. Facebook apologized for the issue “We’re sorry this happened”.
Facebook plans to deliver a Facebook notification to the user which it suspected were impacted by the bug.
The head of communications for the IDPC Graham Doyle tells as per Facebook told him that “The bug did not impact photos privately shared through Messenger. The bug wouldn’t have exposed photos users never uploaded to Facebook from their camera roll or computer. But photos users uploaded but either decided not to post, that got interrupted by connectivity issues, or that they otherwise never finished sharing could have winded up with app developers.”
Another privacy failure will weaken the confidence for Facebook as Facebook’s massive security violation that allowed hackers to sweep away 30 million people’s information back in September. October’s bug deleted the People’s Live Videos by mistake. November’s bug allowed the website to read users’ Likes.