Facebook API Bug Exposes Private Photos

Facebook posted this headline on its developer pages:

Notifying our Developer Ecosystem about a Photo API Bug

While it doesn’t sound like that big a deal, it is. Let me translate for you:

Nearly 7 million of your private photos were exposed… meaning they were no longer private… and they were accessible by third-parties.

The leak happened back in September, but Facebook only announced it in mid-December.

“We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018.” — Tomer Bar, Facebook for Developers Blog

Some 1,500 apps from 876 developers had access to the pictures you marked as private. If it happened to you, Facebook says it will notify you.

“We’re sorry this happened… we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.” — Tomer Bar, Facebook for Developers Blog