Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users -- 3rd Update
December 14 2018 - 6:32PM
Dow Jones News
By Aisha Al-Muslim and Deepa Seetharaman
Facebook Inc. said pictures belonging to up to 6.8 million users
may have been exposed by a software glitch that granted app
developers access to the photos, the latest in a series of privacy
lapses at the social-media giant.
Up to 1,500 apps may have had improper access to photos that
weren't yet shared by Facebook users, including in draft posts,
from Sept. 13 to Sept. 25, the company said Friday in a post on its
developers' blog.
A company spokeswoman said Facebook found and fixed the bug on
Sept. 25 after an internal team made the discovery.
The impact of the breach isn't yet clear, including whether any
developers accessed the photos during the window when they were
improperly made available.
Facebook's privacy safeguards have become a mounting problem for
the company. Earlier this week, the Menlo Park, Calif. company
opened a 24-hour pop-up shop in New York City designed to educate
holiday shoppers and tourists about its privacy controls and the
steps individuals can take to safeguard their data.
Consumer backlash has contributed to slowing revenue growth for
Facebook, and a more than 25% decline in the stock price over the
past five months. The sagging stock price has also resulted in
flagging morale at the company. Facebook shares dropped less than
1% on Friday, to $144.06.
Facebook's disclosure Friday also comes as it faces a range of
regulatory inquiries into how it safeguards user privacy, treats
its competitors and controls access to its platform.
Earlier this year, Facebook said the data related to as many as
87 million people may have been improperly shared with Cambridge
Analytica, a political analytics firm. At the time, Chief Executive
Mark Zuckerberg said: "We have a responsibility to protect your
information. If we can't, we don't deserve it."
In September, Facebook reported that hackers gained access to
nearly 50 million accounts in what amounts to the largest-ever
security breach at the social network.
The latest incident also exposes Facebook to fresh scrutiny from
European regulators, who earlier this year enacted legislation
requiring internet companies like Facebook to inform them about
breaches within 72 hours.
Facebook said it informed Ireland's Data Protection Commission,
which is the company's lead privacy regulator in Europe, about the
incident on Nov. 22. The company said it spent roughly two months
after learning of the glitch trying to determine the scope of the
incident and whether it was required to disclose it. The company
said it believes it is in compliance with European law.
In a statement, Graham Doyle, head of communications for the
Data Protection Commission, said the regulator started a "statutory
inquiry" this week to see if Facebook complied.
Facebook then waited several weeks to announce the breach
publicly because it needed to build a notification page and
translate it into multiple languages, the spokeswoman said.
Facebook automatically translates posts presented in the news feed
in more than 60 languages.
"We're sorry this happened," wrote Tomer Bar, engineering
director at Facebook, in the blog post.
Early next week, Facebook will roll out tools for third-party
app developers to determine which people might have been affected
by the application program interface bug that led to the potential
exposure of the photos. Facebook said it would work with the
developers to delete affected users' photos.
Any developer that doesn't certify within two months that it
deleted any photos it improperly obtained will lose access to the
Facebook platform, the company said.
The company, which will notify people potentially affected
through an alert on Facebook, also recommended users log into any
apps with Facebook authorization to check or update photo-sharing
permissions.
"When someone gives permission for an app to access their photos
on Facebook, we usually only grant the app access to photos people
share on their timeline," Mr. Bar wrote. "In this case, the bug
potentially gave developers access to other photos, such as those
shared on Marketplace or Facebook Stories. The bug also impacted
photos that people uploaded to Facebook but chose not to post."
Write to Aisha Al-Muslim at aisha.al-muslim@wsj.com and Deepa
Seetharaman at Deepa.Seetharaman@wsj.com
(END) Dow Jones Newswires
December 14, 2018 18:17 ET (23:17 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Aug 2024 to Sep 2024
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Sep 2023 to Sep 2024