A Facebook bug causes apps to access personal photos of users. Facebook revealed that it had experienced a bug with their Platform API Photo, so that it accidentally provided access to users' photos to developers. In a post, FB said this bug had affected more than 1,500 apps and more than 6.8 million users.
Bugs allow applications that have been installed by users to draw their timeline photos to also receive Facebook Stories, Marketplace photos. And most worrying, the photos they uploaded to Facebook were never shared in stories and timelines.
Facebook said that the bug lasted 12 days, from September 13 to September 25. Facebook told TechCrunch that it had found a bug, and that the bug did was a violation. So they told the EU privacy supervisor, the Office of Data Protection Commissioner (IDPC) on November 22. IDPC has begun a careful investigation of the violation case.
Facebook apologizes because this bug has harmed its users. The plan is that early next week they will launch a tool for application developers that allows them to determine the people who use their applications may be affected by this bug.
They will work with these developers to delete photos from users who are affected by bugs. Facebook will also notify people who are potentially affected by bugs through Facebook. Notifications will direct them to the Help Center where they can see if they have used any application that has been hit by a bug.
Facebook initially did not disclose when it found it, but in response to TechCrunch's question, a spokesman said that was discovered and fixed on September 25. They say it takes time for companies to investigate the applications and affected people.
This delay in reporting can put Facebook at risk of GDPR fines. Because it doesn't immediately reveal the problem within 72 hours. Fines filed on Facebook even reached 20 million pounds, or about 4 percent of their annual global income.