AGAIN: New Facebook Bug Exposed 6.8 Million Users

Article by Diogo Correa
December 17, 2018

Once again, Facebook is under scrutiny for poor data protection. The tech giant's latest screw-up was a programming bug that gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 Million users. This comes on the back of Google saying it will shut down Google+ 4 months earlier after another data breach.

Facebook quietly announced over the weekend, via its developer blog, that it had discovered a new API bug in its photo-sharing platform that let 876 developers access users’ private photos. The worst part is that if you went to post a photo and decided not to, your photo was still stored and could be accessed by third-party businesses, as could photos on Facebook Marketplace and Facebook Stories.

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.”

Facebook stated.

The private data of the millions of affected users was exposed and available for 12 days, between September 13th and September 25th, until Facebook’s security team detected the vulnerability and fixed the issue.

Facebook has started notifying impacted users of the flaw through an interesting alert on affected users’ timelines, which directs them to a Help Centre page with further information on the breach.

Statement from Facebook

“Currently, we believe this may have affected up to 6.8 Million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.”

Facebook said.

The tech giant also stated that in 2019 it will be looking to roll out “tools for app developers that will allow them to determine which people using their app might be impacted by this bug.”

It’s no secret that 2018 has been a rough year for Facebook. First came the Cambridge Analytica scandal, then we reported on the 30 Million Facebook accounts that were hacked, and then, when we thought it was all over, we posted on how Facebook allowed another vulnerability within its platform.

Please stay safe. If you’re a business that has a BYOD device model, please read this.





Diogo Correa

Head of Sales

Diogo has a Bcom in International Business and has forged Technology deals for multiple Enterprise-Grade businesses along with government organisations, across Australia. He is passionate about technology and leading our clients into digital alignment through our innovative Technology Success Program that he has helped build from the ground up.
