Bug exposes 6.8 million Facebook user photos

This is an image of Facebook's wireframe of what their notifications for data breaches.

Security Matters: For more information about permission settings, read our “Guide to managing mobile app permissions.”

On Dec. 14, Facebook announced that third-party developers had gained access to users’ private photos through a bug in the permissions process. This bug was active between Sept. 13 and 25.

Facebook delayed this announcement until they had completed an investigation of the breach. The investigation revealed that 1,500 apps built by 876 developers may have had access to these photos. Facebook will notify all users who were impacted by the bug.

Upon installation, these Facebook apps typically requests permission to access timeline photos. An investigation revealed that the permissions bug exposed photos in scheduled posts and photos shared through Facebook Stories and Marketplace.

Learn more about staying safe online by visiting securitymatters.utoronto.ca.