With the latest revealing of Facebook in an ongoing series of security lapses this year, things are about to take a glib turn. Reportedly, a bug in the system accounted for third-party developers to view photos of 6 million users on Facebook, whether these users chose to share or not. As a follow-up procedure, Facebook shall send affected users a notification of the same which in turn shall guide them to a page carrying the details of what might have caused the breach. The page will also have a set of a questionnaire for users to name any third party apps that they might have used and given permission to access their profile. It was revealed in the report that a total of 876 developers and around 1500 apps have had access to a set of private pics for the users. Now, that’s not an ideal to have happened. This is chiefly because any such permission would subject to access photos being shared on a timeline. The bug accounted for access to photos that one might have shared to other areas across Facebook like Stories and Marketplace. However, the happy note is any such photos shared through Messenger remained unaffected.
Facebook reported how the bug was detected in the month of Septemeber and was tentatively fixed within a few days. Surprisingly, the very same day the breach was discovered and that hackers have had access to more than 30 million users. Now, Facebook revealed the breach to the press on September 28 when the incident had already taken place on September 25 which could be black day in the history of Facebook security and that the company could be in muddy waters with European Data Protection Regulators, since it gives only 72 hours for reporting any such data breaches. In Facebook’s case, it was well over 72 hours before the incident came to the forefront. Facebook’s argument is geared towards the investigation of the issue and to declare it under GDPR breach which made them skirt the timeline for reporting. Also, further delay happened due to the team working on to find a way to inform the affected users, and many of them couldn’t be contacted in the first place. They wanted to be apologetic on their behalf as they weren’t able to protect their data and hence took time planning out a meaningful way to do so. Despite all that, the GDPR question still hangs strong in the air. Now, corporations do get a pass towards informing regulators of such data breach issues. While hackers getting access to financial documents or and unencrypted passwords of users readily qualify for GDPR reporting Facebook photo API breach is being looked at slightly dreary issue in comparison.
Facebook , on the other hand is yet to offer a full fledged solution to the problem and told the media that it is going to roll out a set of new tools for their app to determine users getting affected. They way the wind of affairs stands now makes it pretty evident that Facebook is still far from running any personal audit on the issue and no guarantee that unauthorized access by the developers to each photo will be revoked or the photos deleted for that matter.
Also Read: How to Find Your Original Windows 10 Key