Friends, I have some news that will shock you. Facebook, trusted and beloved social-media platform with a pristine reputation, has goofed. They are “sorry,” if that’s any sort of comfort. Thanks to a bug, for 12 days in September “third-party apps may have had access to a broader set of photos than usual,” the company explained in a blog post on Friday.
In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it — maybe because they’ve lost reception or walked into a meeting — we store a copy of that photo so the person has it when they come back to the app to complete their post.
Facebook says the bug impacted 6.8 million users. (For scale, Facebook has over 2 billion monthly active users.) If you’re among them, Facebook says it will be notifying you via a Facebook alert. It also recommends, “people log into any apps with which they have shared their Facebook photos to check which photos they have access to.” (Which sounds like Facebook doing very little to help people impacted by this breach and even less to help people looking to avoid future breaches, but, hey, you can check those apps yourself!)
Earlier this year, Facebook apologized after New York uncovered a bug where videos users recorded in Facebook but never posted had secretly been saved for years. Facebook also said it would delete all the wrongly saved videos. It never responded to New York’s question as to whether or not users were going to be able to confirm this actually happened.