A bug that was discovered on Facebook may have granted access to third-party apps to view user’ photos that were partially uploaded but not published. This bug may have affected 6.8 million users. Around 1500 apps by 867 developers had access to pictures outside of the user’s timeline. However, it has been clarified that the apps didn’t try to gain access, but the API bug allowed them undue access to the un-posted pictures.
This bug was live with Facebook for 12 days between September 15th and 25th. The usual protocol is to declare any bugs within 72 hours or face heavy fines. However, Facebook has clearly delayed this. Under the European GDPR laws, fines for non-disclosure can be as heavy as 4 percent of the annual global turnover.
As per media reports, Facebook told them that they took their time to investigate which apps and users were affected by the bug and simultaneously build warning alerts. All the affected users will be notified soon on the Facebook App.
Christine Bannan, counsel for the Electronic Privacy Information Center (EPIC), said – “It’s another example of FB not taking privacy seriously enough. Facebook just wants as much data as possible and just isn’t careful with it. This is happening because they are having developers have access to their platform without having standards and safeguards to what developers have access to”
Earlier this year, Facebook was plagued by yet another problem where the company revealed that 90 million accounts had been accessed by hackers. And in October, they had been fined with a whopping amount of 50,000 euros by the Information Commission. With the API photo bug, it’s still not clear as to which apps got access to the photos they weren’t supposed to view.
Gennie Gebhart, researcher at EEF Electronic Frontier Foundation stated – “2018 has been the year of Facebook and other tech companies violating these privacy expectations, with nothing resembling informed consent. It is important to differentiate this from Cambridge Analytica, which wasn’t a bug. That was a platform behaving as it was intended. This is a different breed of privacy violation. This was an engineering mistake in the code. Of course, on the user end, those technicalities aren’t important. This is just another huge Facebook privacy scandal.”
The privacy advocates globally have expressed concern and shock over the privacy issue.