Facebook reported a breach in its system due to a bug which may have exposed pictures of nearly 6.8 Mn users across the world for over 12 days between September 13 and 25, via third-party applications, just after Google+ reported a second breach in its data.
In an official blog post, Tomer Bar, Facebook engineering director, has stated that the issue has been fixed however the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.
Further, it also gave access to photos that people uploaded to Facebook but did not post. Bar said that if a user does not complete an upload, then the company saves a copy of pictures for three days.
Apologising for the breach, Bar informed that it will be rolling out tools for app developers early next week, which will allow them to determine if people using their app have been impacted by this bug. Facebook will be working with those developers to delete the leaked photos.
The company will also notify the users who have been potentially affected by the breach, directing them to a Help Center link where they can find if any of their used apps have been affected.
Facebook has received criticism across the world this year for its poor security management and privacy issues. Recently in November, Richard Allan, vice president of Policy Solutions, Facebook, faced hard questions from an international grand committee consisting of representatives from seven parliaments on data leaks.
The company also faced severe criticism from the grand committee because founder Mark Zuckerberg — who was originally asked to attend the meeting — had turned down the request.
The year of 2018 has been tough for the company right from the start when it reported the Facebook-Cambridge Analytica data breach in April, in which an estimated 5.62 Lakh (562K) Indian users were affected.
Again in September, the company reported a security breach affecting 50 Mn accounts across the globe. However, in October, it clarified that 30 Mn users were actually affected by software bug which affected the “View As” feature that allows users to see how their own profile looks to other people.
Not only Facebook, but other international companies have also recorded high data breaches this year.
Search company Google has also reported a data leak potentially affecting 500K users in October via its social platform Google+. The company is now set to stop operations of Google+ by August 2019 as it witnessed a second breach affecting nearly 52.5 Mn users across the world.
Earlier this month, US-based question and answer platform Quora also reported a data breach, which affected personal data of almost 100 Mn users due to a “malicious” third party which got unauthorised access to one of the company’s systems.