Facebook exposes 6.8 million users’ private photos — how to tell if you’re one
Robert Siciliano December 17, 2018

Just when you thought that 2018 couldn’t get any worse for Facebook, the company disclosed that the photos of close to 6.8 million users were exposed to developers in September — and in some cases, the exposure included photos that were never even shared on the users’ timelines.

Facebook says that it plans to contact every person who was affected and tell them which apps may now have access to their photos.

However, if you are curious, you can also check here to see if your account was compromised.

Those who are at risk are people who have shared their information with other apps. It is estimated that about 1,500 apps could have had access to your private photos if your account was compromised.

In addition to this, it’s also possible that developers could have accessed these photos if you shared them to Stories or Marketplace. Photos shared in Messenger, however, were not part of the incident, although any other photo you uploaded to Facebook (and chose not to share on your timeline) could have been.

Facebook said that this bug was first introduced on the 13th of September. Its security team found and fixed the issue by September 25. This, of course, was the same day that Facebook, in another incident, discovered that hackers had accessed the accounts of more than 30 million people.

September, then, was not a good month for Facebook. And, in fact, 2018 as a whole is one the company will want to forget. But the fallout from this most recent photo bug could spill well into 2019.

Thanks to the General Data Protection Regulation, or GDPR, which went live this year across Europe, companies have 72 hours to notify authorities of any breach. However, it was about 80 days before Facebook announced its photo debacle.

Now, this doesn’t necessarily mean that Facebook has broken GDPR rules. The company claims it took so long to notify its users because it had to identify and contact the developers that were involved, and then create a way to tell its users.

On top of this, the GDPR regulations aren’t entirely black and white. For instance, a company can get a pass if the breach in question is “unlikely to result in a risk to the rights and freedoms” of the user.

But for now, at least, Facebook has this issue to resolve over the coming months.

What it is doing now is sending out developer tools and helping affected users delete photos from apps that have been compromised. If you discover that you were one of the victims, make sure to log out of the apps you have linked to your Facebook account and update all passwords.

Here’s hoping for a better 2019 for Facebook. Because it couldn’t get much worse than 2018.


About Robert Siciliano

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Find Robert Siciliano on Google+
