Facebook disclosed a photo glitch earlier on Friday that may have exposed private photos of up to 6.8 million users.
Facebook said it allowed some 1,500 software apps to access private photos for 12 days ending Sept. 25.
“We’re sorry this happened,” Facebook said in a blog post.
The European data law requires companies to report data breaches to authorities within 72 hours, giving regulators authority to impose fines of up to 4 percent of annual global revenue for infractions.
Facebook said it would alert users whose photos may have been exposed.
Ankush Johar, director at Infosec Ventures, said users are advised not to grant any permission to ‘silly’ Facebook apps that provide no utility, and to take corrective action immediately by retracting permission from needless apps. This can be done via the ‘security and privacy settings’ in the Facebook app or on the website.
In this specific instance, the only users who may have been affected are those who gave access to third-party Facebook apps that had access to their photos. But as seen in past Facebook hacks, hackers are easily able to develop fake apps, such as “Quiz Apps” and “What Celebrity You Look Like Apps”, that appear to have genuine reasons to access photos, friend lists, etc., but in the background steal users’ information.
The latest glitch indicates that Facebook has failed to make progress in bolstering security and privacy after a series of embarrassments.
They include the Cambridge Analytica scandal, in which the British political consulting firm harvested data of at least 87 million Facebook users and sold it for political use, and a security breach affecting nearly 30 million users.
The bug affected users who give third-party applications permission to access their photos.
Facebook typically only grants such apps access to photos shared on a user’s timeline, but the bug potentially gave developers access to other photos, including ones that were uploaded but not posted, and ones shared on Marketplace and Facebook Stories, the company said.