Dec 14, 2018 - Technology

Facebook bug exposed photos for up to 6.8 million users

Mark Zuckerberg testifies

Facebook CEO Mark Zuckerberg. Photo: Zach Gibson/Getty Images

A Facebook bug in late September allowed outside apps to access photos they weren't supposed to, including some that users uploaded but hadn't posted. Facebook said on Friday.

Why it matters: Facebook is already facing skeptical users and regulators who believe it doesn't respect user privacy.


  • "When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories," the company said in a blog post. "The bug also impacted photos that people uploaded to Facebook but chose not to post."
  • Facebook told TechCrunch the bug was discovered and fixed on Sept. 25, had lasted for 12 days, and may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.

Ireland's data protection regulator said it had opened an investigation this week into Facebook's data practices, including this breach. The company's privacy practices are also under investigation by the U.S. Federal Trade Commission.

Our thought bubble: Every tech company experiences bugs, but Facebook's massive user base means any flaw can affect millions. Moreover, the company has once again failed to disclose a privacy issue in a timely manner — a pattern that doesn't strengthen trust.

Editor's note: This story was updated with more details about investigations of Facebook's practices around the world.

Go deeper