Third applications had access to the photographs. The error was active for 12 days, from September 13 to 25 of this year.
Facebook has reported the existence of an error (bug) in a photo API that, although it has already been corrected, could affect 6.8 million users by allowing third-party applications to access the photos, even those that were uploaded on the platform, but they were not published.
In a statement, the company explained that the error found in a photography API has affected those users who used the method of logging in with the Facebook account in third-party applications and granted permission to access the photographs.
The error was active for 12 days, from September 13 to 25 of this year, and allowed the developers of those applications to access the users’ photographs.
Normally, as explained by Facebook, the permits granted only allow access to the shared photos in the ‘Timeline’, but the ‘bug’ made it possible to access many more, such as the Marketplace, Stories or even those that were uploaded to. the platform but they were not published.
On Facebook, they believe that it has been able to affect “up to 6.8 million users, and up to 1,500 applications built by 876 developers”, as the press release states. The affected applications had the approval of the company to use the API.
The company has assured that the error is corrected, and has informed that next week they will distribute to the developers tools so that they can determine the users of their applications that have been affected and be able to eliminate the photographs.
They will also notify affected users through the social network, and recommend those who have used the login with Facebook in the applications, to check the permissions granted to photos.