The bug permitted 1,500 apps built by 876 developers to view users' unposted photos, which are stored as drafts.
On Friday, Facebook revealed a bug in its platform that gave third-party apps easy access to the unpublished photos of 6.8 million users.
Facebook keeps copies of photo drafts. If someone uploads a photo but does not finish posting it, the picture is still stored in Facebook's catalog. The bug in Facebook's platform gave third-party apps easy access to these drafted photos.
The social media company said in a statement that it had found the bug in a photo Application Programming Interface (API). The bug affected the platform for 12 days, from September 13th to September 25th. Although the bug has now been fixed, it had given "access to third-party apps to a wider set of photos than it used to give," Facebook said.
Normally, Facebook allows apps that have been granted permission to access the photos people share on their timeline. Tom Bar, an engineering director at Facebook, said in a post on Friday: "In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos which people upload on Facebook but choose not to post."
Facebook also said that almost 6.8 million users were affected, along with up to 1,500 apps built by 876 developers. The company states that it will warn the potentially affected users.
The social media company also stated: "Early next week we will be rolling out tools for app developers which will allow them to determine which people who are using their app may get affected by the bug." The company has given assurance that it will work with those developers to delete the photos from the affected users.
Facebook, one of the most used social media platforms, has been involved in a series of security incidents this year, and this is the latest one.
In May, a Facebook software bug switched the "suggested audience" for posts to "public" for 14 million users. The flaw meant that users who thought they were sharing content only with friends or a restricted group had in fact made their posts available to the general public.
In September, Facebook stated that hackers had exploited a flaw in its "View As" feature, which left the access tokens of nearly 50 million Facebook user accounts open to theft.
Facebook has been trying to make its security more robust in response to data-related incidents like this one and the previous ones. In March, the company announced that it would expand its bug bounty program in an attempt to thwart improper data handling by third-party app developers.