Facebook’s gone ahead and done it again – there’s been yet another security breach at the social networking behemoth. This time, the issue affected 6.8 million users, 1500 apps, and 876 developers.
To make things worse, Facebook has taken nearly 3 months to reveal the problem to the public. It told TechCrunch that it discovered the photo API bug on September 25. As it turns out, that was the same day it got hit with an attack which stole the login details of over 50 million members.
Did Facebook Hide Its Blunder?
It’s possible that Facebook kept this photo bug under wraps to stop people from getting madder than they already were at its incompetent privacy measures. The security hole basically allowed third-party apps to access photos which they shouldn’t have been allowed to touch from September 13 to September 25.
Facebook’s blog post explains that it normally allows apps to only access images shared on a person’s timeline. The bug disrupted this by letting applications grab snapshots from Marketplace and Facebook Stories, in addition to photos uploaded to the site but not posted because of connectivity issues or any other interruption. Apparently, it keeps copies of these unfinished images for 3 days.
Facebook says it does this so that users can go back and publish them later. Still, it sounds pretty creepy to keep images which a user has only partially uploaded and may have no intention of posting. Thankfully, no private Facebook Messenger or camera roll/computer images were exposed.
Facebook’s official reason for delaying this serious security leak is that it took time to investigate which apps and users were affected. It also had to build and translate the warning notification (see above) which it’s sending to impacted members at the moment.
Like before, Facebook is apologizing for this huge blunder. After so many mistakes, users may not be in a forgiving mood.