In yet another security incident, on Friday, Facebook revealed that a bug in one of its APIs exposed the private photos of nearly 6.8 million users.
The photo API bug affected people who used Facebook Login and granted permission to third-party apps to access their photos. Typically, when a Facebook user gives permission for an app to access their photos, it is only given access to those pictures that the user shares on their timeline. But the bug gave third-party app developers access to a broader set of photos, including those shared on Marketplace and Facebook Stories, as well as those a user uploaded to Facebook but chose not to post.
While Facebook said it has fixed the issue, some of these apps may have had access to that broad set of photos for 12 days, from September 13-25, 2018. The bug may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers, according to Facebook.
Facebook said it would notify users whose photos were affected by the bug, including those who installed any of the 1,500 apps and gave those apps permission to access photos. Users will then have the option to uninstall those apps if they want to. Users should also check their photo permissions on all other apps, Facebook recommended.
If you did not receive a notification but want to find out if you were affected by the bug, you can visit this help page while logged into Facebook on your browser. If any of your apps were impacted, they will show up here, and you can decide if you want to keep the apps or change permissions.
The big takeaways for tech leaders:
- A Facebook API bug potentially exposed the private photos of up to 6.8 million users to third-party developers.
- Users can go to a Facebook help page to determine if any of their apps were affected.
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.