Facebook Photo API bug affected up to 6.8 million users

Facebook Photo API bug

Image: developers.facebook

Facebook, the world’s largest social networking site, is currently caught in a data breach. The latest problem is to reveal all the photos uploaded by users.

Under normal circumstances, users can only see photos on the timeline. Vulnerabilities allow developers to build apps that directly access user-uploaded photos.

At the same time, users upload their photos to Facebook but do not choose to publish them, that is, only save the photos on Facebook instead of being open to all users.

Image: developers.facebook

Vulnerabilities also allow developers to use the interface to read unpublished photos from users. A preliminary Facebook survey revealed that the security issue involved approximately 6.8 million users.

A slightly better news is that at least the user-approved application can read the user’s photo.

Facebook said that in view of this emergency, the application has been suspended from exploiting the relevant interface, and the company will launch a new version of the developer tool for bug fixes next week.

In addition, Facebook will work with developers to delete photos that have not been confirmed by the user as soon as possible, and Facebook will notify the affected users as soon as possible.

Finally, Facebook recommends that users log in to their accounts to check which applications can read their own data. For programs that are not used, they should be cancelled as soon as possible.