A Facebook bug let app developers see photographs users had uploaded, but never posted, the social network said.
For two weeks in September, an error in the way Facebook shares photographs with third parties meant that apps could see not only photos users had posted on their Newsfeed, but also pictures in other parts of the site — on Facebook Stories or Facebook’s Marketplace, for instance.
The bug also “impacted photos that people uploaded to Facebook, but chose not to post,” Facebook developer Tomer Bar said in a statement on Friday.
Importantly, the only applications that had access to the hidden photographs were those to which users had already granted access to all their public photos, through the company’s application programming interface, Bar said.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar said.
Users affected are those who had given permission to third-party apps to access their photos through the Facebook log-in function. There is no evidence that the bug led to any large-scale extraction of photos from the site.
“We’re sorry this happened,” Bar added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
The error is comparatively minor given Facebook’s scale.
In September, almost five times as many accounts were affected by a data breach in which hackers accessed personal information, including name, relationship status, search activity and recent location check-ins.
“The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as,’ a feature that lets people see what their own profile looks like to someone else,” Facebook vice president of product management Guy Rosen said at the time.
“It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he added.
Malaysia yesterday installed a motorcycle-riding billionaire sultan as its new king in lavish ceremonies for a post seen as a ballast in times of political crises. The coronation ceremony for Malaysia’s King Sultan Ibrahim, 65, at the National Palace in Kuala Lumpur followed his oath-taking in January as the country’s 17th monarch. Malaysia is a constitutional monarchy, with a unique arrangement that sees the throne change hands every five years between the rulers of nine Malaysian states headed by centuries-old Islamic royalty. While chiefly ceremonial, the position of king has in the past few years played an increasingly important role. Royal intervention was
Hong Kong microbiologist Yuen Kwok-yung (袁國勇) has done battle with some of the world’s worst threats, including the SARS virus he helped isolate and identify, and he has a warning. Another pandemic is inevitable and could exact damage far worse than COVID-19 pandemic, said the soft-spoken scientist sometimes thought of as Hong Kong’s answer to former US National Institutes of Health director Anthony Fauci. “Both the public and [world] leaders must admit that another pandemic will come, and probably sooner than you anticipate,” he said at the city’s Queen Mary Hospital, where he works and teaches. “Why I make such a horrifying prediction
A high-ranking North Korean diplomat stationed in Cuba defected to South Korea in November last year — just months before Seoul and Havana established diplomatic ties, the South Korean National Intelligence Service said yesterday. North Korean diplomat Ri Il-kyu had been responsible for political affairs at Pyongyang’s embassy in Cuba since 2019, tasked specifically “with obstructing the establishment of diplomatic relations between South Korea and Cuba,” South Korea’s Chosun Daily reported. Ri defected to South Korea with his wife and children in early November, making him the highest-ranking North Korean diplomat known to have defected since then-North Korean deputy ambassador to the
The Philippine Air Force must ramp up pilot training if it is to buy 20 or more multirole fighter jets as it modernizes and expands joint operations with its navy, a commander said yesterday. A day earlier US National Security Adviser Jake Sullivan said that the US “will do what is necessary” to see that the Philippines is able to resupply a ship on the Second Thomas Shoal (Renai Shoal, 仁愛暗沙) that Manila uses to reinforce its claims to the atoll. Sullivan said the US would prefer that the Philippines conducts the resupplies of the small crew on the warship Sierra Madre,