Thursday, March 28, 2024

A New Facebook Bug May have been Exposed 6.8 Million Users Private Photos

Facebook revealed a new  photo API bug that may have been affected by nearly 68 million users and 1,500 apps built by 876 developers.

This critical photo API bug learned by Facebook internal security research team and it affected only users who have login Facebook and granted permission third-party apps in order to access their photos.

Facebook experienced a potential data breach in last September
that affected up to 50 million users and also it faced some of other security incidents.

Facebook always notify peoples to check which third-party apps accessing their photo and review it to keep it or remove the access to concern app that you have already granted access.

Photos That Affected by This Bug

In this case, Facebook generally, provide access to 3rd party app shares photos only that you have posted on your timeline but this critical bug granted access to these app developers to access the photo that users didn’t post into their timeline just uploaded their photo without post it.

Facebook explained this incidents with an Example, “if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.”

Due to this bug, Facebook believes that some of the developers may have had an  access  to the photos which is not posted(just uploaded) by users for 12 days in between 13 to September 25, 2018.

Facebook fixed this bug and Apologized  to the users and said 
“Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

if you want to check whether you’re one of the victims among millions just check this link that provide by Facebook. 

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles