× Business BUSINESS MOTORING SHIPPING & LOGISTICS DR PESA FINANCIAL STANDARD Digital News Videos Health & Science Lifestyle Opinion Education Columnists Moi Cabinets Arts & Culture Fact Check Podcasts E-Paper Lifestyle & Entertainment Nairobian Entertainment Eve Woman Travelog TV Stations KTN Home KTN News BTV KTN Farmers TV Radio Stations Radio Maisha Spice FM Vybez Radio Enterprise VAS E-Learning Digger Classified Jobs Games Crosswords Sudoku The Standard Group Corporate Contact Us Rate Card Vacancies DCX O.M Portal Corporate Email RMS

Facebook bug exposes millions of users photos

By Mirror | Dec 15th 2018 | 2 min read
By Mirror | December 15th 2018
Facebook exposed user's unpublished photos to app developers: [Photo: Getty]

A newly-discovered bug may have given access to photos people uploaded to Facebook but did not publish.

Affecting people who granted permission to third-party apps to access their photos, the bug could involve 6.8 million users.

As many as 876 developers and 1,500 apps could have been able to see photos that users had opted not to share with friends, but had uploaded to the platform.

The bug was in the API that developers use to provide Facebook photo functionality to their apps. For example, if an app allows you to add stickers to your snaps, it would use this API to upload the modified image to the platform.

According to Facebook the API was live with the bug for 12 days between September 13 and 25 this year.

Companies that discover bugs are supposed to declare them within 72 hours or face hefty fines. In this case Facebook missed that deadline while it investigated the issue.

Failure to make this disclosure can open the company to a fine under European GDPR laws. Fines can be up to 4 per cent of annual global turnover, meaning Facebook could be facing a substantial penalty.

Next week the company will roll out tools that will allow developers to determine which people using their apps were affected. It will help developers delete photos they shouldn't have access to.

Affected users will see a notification in the Facebook app soon.

This issue comes after a particularly troublesome few years for the social network. Earlier this year the company admitted that 90 million accounts could have been accessed by hackers.

In July the company was fined £500,000 in October by the Information Commissioner for failing to protect user data.


Share this story
Eskom's debt transfer to SA’s government credit neutral - Moody's
Eskom’s request for South African government to take up its debt could cause the country’s debt ratio to jump two percentage points.
China rejected Kenya's request for Sh32.8b debt moratorium
China is Kenya’s largest bilateral lender with an outstanding debt of Sh692 billion.