Facebook Inc. is headed into the weekend with another privacy blunder on its hands.
The social networking giant today disclosed that a security bug gave external applications overly broad access to as many as 6.8 million users’ photos.
Normally, an application that is granted permission by a user to view their photos can only pull items from their Timeline. The flaw exposed photos in Facebook Stories and Marketplace as well as files that users had uploaded to the social network but didn’t share publicly.
Today’s disclosure comes about three months after the incident took place. According to Facebook, the flaw facilitated expanded application access to images for 12 days in September.
The same month, the company disclosed that hackers had exploited a different security bug to steal personal information about tens of millions of users. Facebook initially said 50 million members fell victim to the breach but later revised the number to 30 million. The compromised data included details such as names, phone numbers, birthdates and locations.
Although smaller in comparison, the disclosure that 6.8 million users’ photos were exposed still amounts to a major breach of privacy. It will also create headaches for the 876 authorized Facebook developers whose applications are believed to have accessed those photos. They’ll have to find and purge potentially millions of images from their applications, if not more — a painstaking process.
Facebook said it will release tools to help developers remove inappropriately retrieved photos next week. The company will also notify affected users so that they can track down potentially exposed images on their own.
It’s notable that the security bug behind the incident affected one of Facebook’s application programming interfaces, much like the recently reported Google+ flaw responsible for exposing 52 million users’ information. That incident was preceded by a smaller Google+ privacy compromise that was likewise caused by an API issue.
In the case of Facebook, its recent security missteps represent only part of the reason why it’s suffering from the diminished public trust. The company’s business practices are another source of criticism. Only yesterday, The Guardian published a scathing report that cited former and current Facebook fact-checkers as saying they were only hired for publicity reasons. Facebook has strongly pushed back against the accusations.