Facebook has launched a tool allowing users to check if they were among the 6.8 million people whose private photos may have been exposed to third-party apps, the latest in the social network’s ongoing series of data lapses. News of the security goof broke last week, with Facebook admitting that its photo API had been giving much greater access to user images than intended – including even photos that had never been shared.
Although the bug was only present in the API for a limited period – between September 13 and September 25 of this year, Facebook claims – it still exposed a huge number of people to potential misuse. “Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” the company conceded.
For one thing, third-party apps that were meant to have access only to photos shared on a user’s Facebook Timeline could also get access to Story and Marketplace images. Potentially more worrying, though, was the revelation that Facebook had been saving copies of images uploaded to the site but never actually posted. That includes shots that may have been uploaded to a draft status update, but which the user eventually decided to abandon.
Facebook promised to notify those potentially at risk of having their photos compromised in this way, and now it has launched a new tool that can flag if your content was subject to the bug. The new help page requires you to be logged into your Facebook account when you view it, in order to see whether or not you were affected.
Whether you’re impacted will depend on the third-party apps you use, and of course how you use Facebook itself. “The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos,” the company pointed out last week. Still, it could be enough to give those developers quite the cache of content they were never intended to see.
Facebook says it is contacting the developers in question, and instructing them to delete the photos they may have incorrectly had access to. “Developers will then be able to obtain access to the set of photos which would normally have been shared,” the company says. It’s also recommending that users log into any apps where Facebook photos have been shared, “to check which photos they have access to.”
Notably, this glitch wasn’t down to Facebook’s privacy settings, which the company has modified over the past 12-18 months under the guise of making them more straightforward and easy to understand for users. The issue has, of course, now been addressed, though it’s unlikely to do anything to encourage those considering quitting Facebook over its recent handling of personal information to stick around.