After only a day of hosting a pop-up store in Bryant Park in New York City talking about privacy being the “foundation of the company,” Facebook disclosed that there was a security flaw which potentially exposed both public and private photos of upwards of 6.8 million users to developers.
Last Friday, the company stated in a blog post that it discovered this bug in late September. The bug gave third-party developers access to users’ photos, including those uploaded to Facebook servers but not shared publicly. The security flaw exposed photos from September 13 through 25, affecting 1,500 apps and 876 developers.
The blog post went on to say this:
“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
Since the time of this post, Facebook hasn’t responded to questions concerning whether the staff at the pop-up store were aware of the security flaw.
Facebook also elaborated on the bug further. For one thing, developers do typically get access to photos that people share on their timelines. However, this bug granted apps the ability to see photos that are shared on Marketplace (the peer-to-peer buy and sell service) as well as Stories. That being said, they didn’t get access to any photos that are shared through the Messenger app.
You might also be wondering why there was a two-month delay in announcing this breach, and Facebook explained that too. They noted that bringing up this issue now was due to their understanding of the bug’s impact. Facebook also added that they believe they were following the European GDPR disclosure rules, which require notifying officials of security breaches within 72 hours, because they needed to investigate whether the breach required that kind of disclosure.
Right now though, they are notifying users directly affected by this. They’ve set up a help center specifically for users who used apps that were affected by this bug.
This disclosure from Facebook is yet another data mishap to add to their ever-growing pile. The company is still weathering the fallout of the Cambridge Analytica scandal and of the disclosed bug that exposed personal info of 30 million users.
What’s even worse about this one, though, is that it comes around the time when Facebook has launched these pop-up stores across the world showing their commitment to user privacy.
In the end, Facebook needs to be working on doing more. The pop-up stores might help. Yet, they need to embrace what its CEO, Mark Zuckerberg, said back in March when the Cambridge Analytica scandal came to light:
“We have a responsibility to protect your information. If we can’t, we don’t deserve it.”