
Facebook leaks 6.8 million of users’ private photos to app developers

    In a recent update, Facebook leaked over 6.8 million private photos of its users to apps. The exposure lasted for a period of 12 days, from the 13th to the 25th of September.

    The 6.8 million private photos of Facebook users do not amount to the 25 million personal details that were recently stolen. Fortunately, Facebook has said something about this in a blog post.

    Over this same issue, Google has already pledged to shut down Google+. Twice in 2018, they leaked private photos of their users to app developers.

    As with the Cambridge Analytica scandal, the users involved received a notification alerting them that their photos may have been exposed.


    And, as always, it is a bug! Users’ private photos are meant to be private, but a bug exposed millions of those photos and made them public.

    Normally, the applications were permitted to see a limited set of photos and profile details, but due to the ‘Photo API Bug’ the apps saw every photo, even those they had not been granted permission to access.

    Facebook said the bug had to do with an error related to Facebook Login and its photos API, which allows developers to access Facebook photos within their own apps.

    It is generally advisable not to grant permissions to third-party apps, but the affected users did so using their Facebook accounts, granting the apps access to view their photos.

    Tomer Bar said “When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.”

    What photos were stolen

    Most of these photos were users’ Stories photos and photos that people uploaded but never posted; Facebook usually saves a copy of those.

    Tomer Bar also added “The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.”

    Note that Facebook stores photos from incomplete posts for three days.

    Notification to Affected user – Source: Facebook

    Is there a solution?

    This bug affected 6.8 million Facebook users and up to 1,500 apps from 876 different developers. This set of people had unauthorized access to private photos.

    Understand that the only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.

    But deleting these apps won’t solve the issue. Facebook came up with a solution, but first it will send a notification via the app to the people affected by this bug.

    Meanwhile, from next week, Facebook will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug.

    And to ease the situation, Facebook said they are working with developers to delete copies of photos they weren’t supposed to access.

    Remember that the below options are still available:

    How to Delete your Facebook

    How to download Facebook Data

    How to deactivate your Facebook

    This isn’t the first time

    On the same 25th of September, the company also learned that someone had over 29 million of its users’ personal details. The numbers were going up and down.

    During the 29 million personal details leak, Facebook’s vice president of product management, Guy Rosen, said, “We take these incidents really, really seriously.”