New Facebook API bug exposed private photos from almost 6.8 million users

almost 3 years ago by IanDorfman

In more news showcasing security vulnerability at social media giant Facebook, the network announced that it has discovered a bug within its photo application program interface that allowed app developers that users signed up to use to see photos that users decided not to share with anyone on the service.

In a news release posted on its developer-focused blog, Facebook Engineering Director Tomer Bar detailed that this photo API bug enabled these third party developers to have access to private photos in a 12-day window from September 13, 2018 to September 25, 2018.

Users potentially impacted by this bug will be informed via an alert within Facebook that links them directly to this Facebook Help Center article with further details. Additionally, Facebook will be working with third party app developers to delete the photos from users impacted by this bug.

This is the latest in a series of showcases in Small Facebook iconFacebook's negligence towards ensuring the full privacy of its users. In an extra dose of coincidence, this API bug was discovered on September 25th, the same day that Facebook discovered the data breach that impacted more than 50 million users.

Further coverage:
Facebook for Developers blog
The Verge


  • FreeProprietary
  • Windows
  • Online
  • Android
  • iPhone
  • Blackberry
  • Windows S
  • Android Tablet
  • Windows Phone
  • iPad
  • KaiOS

Facebook's mission is to give people the power to share and make the world more open and connected.

Millions of people use Facebook everyday to keep up with friends, upload an unlimited number of photos, share links and videos, and learn more about the people they meet.

971 likes 210 Alternatives

❯ Alternatives to Facebook