Facebook Flaw Exposes Private Photos for 6.8M Users


The bug allowed 1,500 apps built by 876 developers to view users’ unposted “draft” photos.

Facebook on Friday disclosed a bug in its platform that it said enabled third-party apps to access unpublished photos of 6.8 million users.

Facebook stores copies of photo drafts, so if someone uploads the photo but doesn’t finish posting it, the photo will still be stored in the platform’s database. The bug gave third-party apps access to these drafted photos.

The social-media company said that it discovered the glitch in a photo application program interface (API) that plagued the platform for 12 days, between Sept. 13 to Sept 25. The bug, which has since been fixed, gave some third-party apps “access to a broader set of photos than usual,” Facebook said.

Read more…
Source: ThreatPost