Skip to Content

Facebook Discovers New Security Flaw Affecting Up to 6.8 Million Users

Facebook users have another privacy breach to worry about.

The company, on Friday, announced it had discovered a bug in its code that exposed unshared photos of as many as 6.8 million users to third parties.

The vulnerability occurred between September 13 and September 25, Facebook said in a blog post. The issue has since been resolved.

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” the company said. “In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo so the person has it when they come back to the app to complete their post.”

As many as 1,500 apps built by 876 developers were given access to the unshared pictures.

Facebook says it will make tools available to app developers next week so they can determine which users were impacted by the incident and will work with developers to delete the photos. Facebook also plans to alert affected users via an alert when they visit Facebook.

It’s the latest in a series of privacy concerns for the social media site. Facebook (and Google) have been accused of manipulating users to give up their data. And the company is still recovering from the Cambridge Analytica scandal.