Facebook on Friday announced a new data breach that has affected 6.8 million of its users and 1,500 apps connected to the social service. Due to an API bug, third-party developers had access to your photos you never gave permission to see between September 13th through September 25th. Normally, apps should only have access to photos in a user’s timeline. But while this bug was active, apps had access to photos in user accounts that they didn’t choose to post.
Here is how Facebook explains the data breach in its announcement on Friday:
The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.
The company has since fixed the breach, however, and photos are no longer exposed. “We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018,” explains Facebook exec Tomer Bar. Facebook continues to say in the announcement: “We’re sorry this happened.”
Check if Your Photos Were Exposed in the Latest Facebook Bug
To check if your unpublished photos were exposed, head to this page and sign in to your account if prompted. A notification box near the bottom of the explanation is where you’ll find out if your account was affected. It will also provide instructions on steps to take and what to do if you were affected
This latest Facebook breach comes on the heels of a similar data breach that happened to Google. Earlier this week Google+ exposed the data of 52.5 million of its users after a bug was discovered in an API update. However, Google is shutting down its failed social network and you should delete your Google+ profile if you have one.
Facebook, of course, will continue on, and will continue to have data breaches as nothing online is 100% secure. This breach isn’t as bad as the 30+ million accounts hacked earlier this year, but it’s all part of a growing trend. Obviously, not a good trend.
If you use Facebook, be judicious about the type of data you put up, implement two-factor authentication to your account, and review your privacy settings for good measure. You should also know that you can use Facebook Messenger without a Facebook account. And if you’re just tired of the service and just want out, consider deleting your Facebook account completely.