You are here

Facebook says bug opened access to private photos

2018-12-14T162357Z_262027458_RC187DE3F630_RTRMADP_3_FACEBOOK-CYBER.JPG
Facebook announced Friday it had discovered a bug that allowed outsiders access to private photos, potentially affecting some 6.8 million people who use the service.

[SAN FRANCISCO] Facebook announced Friday it had discovered a bug that allowed outsiders access to private photos, potentially affecting some 6.8 million people who use the service.

"We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual," said Tomer Bar, an engineering director at the company.

The announcement is the latest in a string of problems the social network has had with consumer data. This most recent incident is somewhat less severe than previous ones. Around 1,500 third-party apps had access to users' uploaded photos — even if they had not posted them publicly to Facebook — from Sept 13 to Sept 25.

Facebook said the number of people affected was probably smaller than 6.8 million, because it doubted that all 1,500 apps gained access to the social network during that 12-day period. The company said it was contacting the 876 developers who built the apps and asking them to check and delete any photos they may have retrieved improperly.

sentifi.com

Market voices on:

The announcement is likely to raise questions among federal regulators about whether Facebook violated a consent decree with the Federal Trade Commission in 2011. Under the agreement, Facebook is prohibited from misrepresenting its privacy and security practices. It also requires the company to obtain users' consent before overriding their privacy choices, and to institute a comprehensive program to protect the privacy and security of users' data.

The company's main data-protection regulator in the European Union, the Irish Data Protection Commission, said Friday that the mounting number of problems required a deeper investigation.

The company found the bug Sept 25, the same day Facebook discovered a data breach that affected 30 million users. But executives did not notify government officials in Europe until November.

The Irish Data Protection Commission said it started an inquiry this week after receiving "a number of breach notifications from Facebook" over the past six months. The investigation could lead to a fine of up to 4 per cent of Facebook's global revenue, or about US$1.63 billion. The regulator can also require Facebook to change how it processes data in the region.

NYTIMES