Facebook bug exposes 6.8 million users' private and unpublished photos

15th December 2018

This week's theme seems to be API bugs and broken access control. Earlier this week Google announced that it had accidentally made people's private information accessible through its Google+ API (see article here). Now it's Facebook's turn: Facebook developers announced that an error in their Photos API allowed external app developers to access photos that users had never actually shared on their timeline, such as Marketplace photos or unpublished images that users decided not to finish posting.

The bug remained active for 12 days in September 2018, and it is estimated that nearly 6.8 million users were affected. Facebook is trying to assure its users that it is working hard with external app developers to get the private images removed from their systems.