Facebook exposed up to 6.8 million users’ private photos to developers in latest leak

Facebook exposed private photos from up to 6.8 million users to apps that weren’t supposed to see them, the company said today. These apps were authorized to see a limited set of users’ photos, but a bug allowed them to see pictures they weren’t granted access to. These included photos from people’s stories as well as photos that people uploaded but never posted (because Facebook saved a copy anyway).

The exposure occurred between September 12th and September 25th. Facebook told TechCrunch that it discovered the breach on the 25th; it isn’t clear why the company waited until now to disclose it. (Perhaps it’s because the company was dealing with a separate and substantially larger breach that it also discovered on September 25th.)

Affected users will receive a notification alerting them that their photos may have been exposed. Facebook also says it’ll be working with developers to delete copies of photos they weren’t supposed to access. In total, up to 1,500 apps from 876 different developers may have inappropriately accessed people’s pictures.

Facebook said the bug had to do with an error related to Facebook Login and its photos API, which allows developers to access Facebook photos within their own apps. All of the impacted users had logged into a third-party app using their Facebook accounts and granted them some degree of access to view their photos.

“We’re sorry this happened,” writes Tomer Bar, engineering director at Facebook. The disclosure comes exactly one day after Facebook opened a pop-up installation in New York to show people how “you can manage your privacy” on the site.

Facebook has been in hot water again and again this year over data breaches and exposures, most notably with Cambridge Analytica. In many cases, the problems haven’t been caused by hackers, but they have stemmed from issues within Facebook itself. The Cambridge Analytica breach happened because of Facebook’s lax oversight of developers and data sharing; today’s issue happened because of another breakdown in communication between Facebook and developers.

Google has already pledged to shut down Google+ over similar issues. Twice this year, the service exposed information inappropriately to developers.

source: theverge.com

يبدو أن المشاكل سوف تظل تلاحق فيسبوك حتى نهاية هذا العام، الذي هو بالتأكيد من أصعب الأعوام التي تواجه عملاق التواصل الاجتماعي.

فقد أعلنت الشركة الأميركية يوم الجمعة على مدونتها أنها اكتشفت خللا تقنيا يسمح لمطوري التطبيقات الذين يستخدمون برمجياتها بالوصول إلى الصور التي حمّلها الأشخاص على فيسبوك ولكنهم لم يشاركوها.

وقالت فيسبوك في بيانها إن هذا الخطأ قد أثر على 6.8 ملايين مستخدم، و1500 تطبيق، و876 مطور تطبيقات، على حد قول الشركة، ونوهت إلى أن الخلل حدث في سبتمبر واستمر لمدة 12 يوما.

واعتذرت الشركة للمستخدمين عن هذا الخطأ، ووعدت بطرح أدوات لمطوري التطبيقات الأسبوع القادم تسمح لهم بتحديد المستخدمين الذين تضرروا من هذا الخطأ، وحذف الصور الخاصة بهم.

وذكرت فيسبوك أن المستخدمين المتضررين من هذه الحادثة سيستلمون إشعارات من الشركة لتوضيح الخلل والإجراءات الواجب اتباعها.

كما نصحت المستخدمين بالتأكد من التطبيقات التي شاركوا فيها صورهم على فيسبوك للتحقق من خصوصية الصور التي يمكنهم الوصول إليها بحسب ما ذكر البيان.