Facebook said on Friday it allowed third-party developers to access photos of up to 6.8 million users — including images uploaded but not shared — over the course of 12 days in September.
“We’re sorry this happened,” the company said on its developer blog. This bug was discovered the same day Facebook discovered hackers scraped more than 30 million users’ personal information.
The revelation of the now-fixed problem serves as yet another reminder of just how much data Facebook has on its 2.27 billion users, as well as how frequently these privacy breaches are recurring.
“There’s no way to get around the fact that privacy breaches like this can undermine overall user sentiment,” said Virginia Tech professor Aaron Brantly, who teaches about cybersecurity matters.
The bug is the latest in a series of privacy lapses that continue to crop up, despite Facebook’s repeated pledges to batten down its hatches and do a better job preventing unauthorized access to the pictures, thoughts and other personal information its users intend so share only with friends and family.
The problem comes in a year fraught with privacy scandals and other problems for the world’s biggest social network. Revelations that the data-mining firm Cambridge Analytica improperly accessed data from as many as 87 million users led to congressional hearings and changes in what sorts of data Facebook lets outside developers access. In June, a bug affecting privacy settings led some users to post publicly by default regardless of their previous settings.
“As Facebook is growing, it has now encountered multiple problems in this period of the course of one year in which their software development pipeline has some flaws that need to be worked out more thoroughly,” Brantly told the Herald.
With each breakdown, Facebook risks losing credibility with both its audience and the advertisers whose spending generates most of the company’s revenue.
While bugs do occur across many other social media platforms, the confluence of political events and a series of privacy breaches in one year have raised Facebook’s profile.
“These incidents indicate a potential challenge within their internal software development structures,” Brantly said, adding that the company might not have notified users until full knowledge of the breach, otherwise “they’re releasing premature information to the FCC, it could potentially affect their market share and cause regulatory problems with the SEC.”
Brantly’s tip for users: Be cautious in allowing access to photos or types of personal information on social media. “The more information users put in, the more they are susceptible they are to identity theft or fraud,” he said.
Herald wire services contributed to this report.
