Facebook Photo API Bug Exposes Up to 6.8M Users' Private Photos

UPDATE: Wondering if your photos were exposed due to the Facebook API bug announced on Friday? Here's how to find out.

Facebook promised to directly notify all potentially impacted users via an alert on the social network. You can also proactively check if your account was affected by visiting this Facebook Help Center link while logged into your Facebook account.

If you were affected, you'll see a list of apps that "may have had access to your other photos" along with information about what to do.

Original Story 12/14:

As if you needed another reason to question Facebook's ability to safeguard your personal information, the social network just disclosed a bug that exposed up to 6.8 million users' private photos to third-party app developers.

In a Friday blog post, the social network said it has fixed the photo API bug, which gave third-party apps "access to a broader set of photos than usual" for 12 days, from this Sept. 13 to 25.

Normally, when you give third-party apps permission to access your photos on Facebook, they can only see the images you've shared on your timeline, Facebook's Tomer Bar explained in the post. But this photo API bug may have given those developers access to even more of your images, including ones you've shared on Marketplace, Facebook Stories, and ones you uploaded to the social network but didn't end up posting.

"Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers," Bar wrote. "The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos. We're sorry this happened."

The social network plans to roll out tools next week to help app developers determine which of their users might have been impacted by the flaw. The company says it's also working with developers to delete the affected images.

Facebook also plans to alert all users who may have been impacted by the bug but did not say when that would happen. When it arrives, the notification will direct you to a Facebook Help Center link with more information.

"We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to," Bar wrote.

Meanwhile, if you trust Facebook enough to buy its new Portal video calling appliance, the company is rolling out some new features to check out. That includes a new web browser and access to Facebook Instant Games such as Battleship, Disney Tsum Tsum, Draw Something, Shake It Up-Poker Dice, Sudoku, SuperBaseball, and Words With Friends.

While Portal received a "good" rating in PCMag's review, we don't recommend it for privacy reasons.

"Facebook is such a mess in terms of controlling who uses your data for vicious ends … that we can't recommend this product to individuals until the company gets its house in order," PCMag's Lead Mobile Analyst Sascha Segan wrote in his review.

About Our Expert

Angela Moscaritolo

Managing Editor, Consumer Electronics

My Experience

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade.

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

The Technology I Use

My little Florida beach bungalow is brimming with smart home tech. I have a smart speaker or display in every room, allowing me to control other connected devices by voice. The Nest Hub on my bedside table lets me set wake-up alarms, control my smart light bulbs, and set the temperature on my smart thermostat. I use the Amazon Echo Show 8 on my kitchen counter to browse recipes, reorder protein powder, check the weather, and watch the news while I do dishes.

Because I suffer from allergies, air purifiers are essential. My favorite model is the Dyson Purifier Cool TP07, which doubles as a fan and continuously sends indoor pollution data to its companion mobile app.

My pitbull Bradley sheds, so a good robot vacuum is a must. I currently use a premium Ecovacs Deebot that can both vacuum and mop, empty its own dustbin, and wash its own mop cloth.

For fitness, I like to mix up my routine with cycling, indoor rowing, running, and strength training in addition to yoga. I take classes on the Tonal 2 smart strength training machine, I row indoors on an Aviron machine, and track my beach runs with an Apple Watch while listening to music on my Apple AirPods Pro. On the weekends, I love riding e-bikes like the rugged, beach-friendly Aventon Aventure for fun and fitness.

My job involves a lot of virtual meetings, so a quality webcam, microphone, and ring light are important. I use the Jabra PanaCast 20 webcam, the Elgato Wave: 3 microphone, and a Yesker tripod ring light.

As for my preferred phone platform, I'm an iPhone person, but I've also extensively used Android for product testing.

Read the latest from Angela Moscaritolo

Read full bio