Monday, May 19, 2025
HomeCyber Security NewsA New Facebook Bug May have been Exposed 6.8 Million Users...

A New Facebook Bug May have been Exposed 6.8 Million Users Private Photos

Published on

SIEM as a Service

Follow Us on Google News

Facebook revealed a new  photo API bug that may have been affected by nearly 68 million users and 1,500 apps built by 876 developers.

This critical photo API bug learned by Facebook internal security research team and it affected only users who have login Facebook and granted permission third-party apps in order to access their photos.

Facebook experienced a potential data breach in last September
that affected up to 50 million users and also it faced some of other security incidents.

- Advertisement - Google News

Facebook always notify peoples to check which third-party apps accessing their photo and review it to keep it or remove the access to concern app that you have already granted access.

Photos That Affected by This Bug

In this case, Facebook generally, provide access to 3rd party app shares photos only that you have posted on your timeline but this critical bug granted access to these app developers to access the photo that users didn’t post into their timeline just uploaded their photo without post it.

Facebook explained this incidents with an Example, “if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.”

Due to this bug, Facebook believes that some of the developers may have had an  access  to the photos which is not posted(just uploaded) by users for 12 days in between 13 to September 25, 2018.

Facebook fixed this bug and Apologized  to the users and said 
“Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

if you want to check whether you’re one of the victims among millions just check this link that provide by Facebook. 

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems

Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially...

Exploiting dMSA for Advanced Active Directory Persistence

Security researchers have identified new methods for achieving persistence in Active Directory environments by...

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems

Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially...

Exploiting dMSA for Advanced Active Directory Persistence

Security researchers have identified new methods for achieving persistence in Active Directory environments by...

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...