This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/technology/2018/dec/14/facebook-admits-bug-app-developers-hidden-photos
The article has changed 3 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Facebook admits bug allowed apps to see hidden photos | Facebook admits bug allowed apps to see hidden photos |
| (about 1 month later) | |
| A Facebook bug let app developers see photos users had uploaded but never posted, the social network has disclosed. | A Facebook bug let app developers see photos users had uploaded but never posted, the social network has disclosed. |
| For two weeks in September, an error in the way Facebook shares photos with third parties meant that apps could see not only photos users had posted on their newsfeed, but also pictures in other parts of the site – on Facebook Stories or Facebook’s Marketplace, for instance. | For two weeks in September, an error in the way Facebook shares photos with third parties meant that apps could see not only photos users had posted on their newsfeed, but also pictures in other parts of the site – on Facebook Stories or Facebook’s Marketplace, for instance. |
| The bug also “impacted photos that people uploaded to Facebook but chose not to post”, a Facebook developer, Tomer Bar, said in a statement on Friday. | The bug also “impacted photos that people uploaded to Facebook but chose not to post”, a Facebook developer, Tomer Bar, said in a statement on Friday. |
| Facebook's privacy problems: a roundup | Facebook's privacy problems: a roundup |
| Importantly, the only applications that had access to the hidden photos were those to which users had already granted access to all their public photos, through the company’s API (application programming interface), Bar said. | Importantly, the only applications that had access to the hidden photos were those to which users had already granted access to all their public photos, through the company’s API (application programming interface), Bar said. |
| “Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.” | “Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.” |
| Users affected are those who had given permission to third-party apps to access their photos through the Facebook login function. There is no evidence that the bug led to any large-scale extraction of photos from the site. | Users affected are those who had given permission to third-party apps to access their photos through the Facebook login function. There is no evidence that the bug led to any large-scale extraction of photos from the site. |
| “We’re sorry this happened,” Bar added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.” | “We’re sorry this happened,” Bar added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.” |
| The error is comparatively minor given Facebook’s scale. In September, almost five times as many accounts were affected by a data breach in which hackers accessed personal information including name, relationship status, search activity and recent location check-ins. | The error is comparatively minor given Facebook’s scale. In September, almost five times as many accounts were affected by a data breach in which hackers accessed personal information including name, relationship status, search activity and recent location check-ins. |
| Guy Rosen, a Facebook vice-president, said at the time: “The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as’, a feature that lets people see what their own profile looks like to someone else. | Guy Rosen, a Facebook vice-president, said at the time: “The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as’, a feature that lets people see what their own profile looks like to someone else. |
| “It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.” | “It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.” |
| Social networking | Social networking |
| Apps | Apps |
| Privacy | Privacy |
| Data protection | Data protection |
| news | news |
| Share on Facebook | Share on Facebook |
| Share on Twitter | Share on Twitter |
| Share via Email | Share via Email |
| Share on LinkedIn | Share on LinkedIn |
| Share on Pinterest | Share on Pinterest |
| Share on WhatsApp | Share on WhatsApp |
| Share on Messenger | Share on Messenger |
| Reuse this content | Reuse this content |