According to foreign media reports, Facebook, a social networking site in the United States, has another security vulnerability, which has led to third-party applications accessing unpublished private photos of users. Preliminary estimates indicate that as many as 6.8 million users have been affected. Currently, the Irish Data Protection Commission, the European privacy regulator, has begun investigating whether Facebook could be fined more than $1.6 billion.
On September 14, Facebook issued a statement saying that there was a program bug in the Facebook system, which led to about 1,500 applications accessing photos that users did not share between September 13 and 25. Facebook said that if users had used Facebook account to log in to third-party applications and authorized software to access photos, their private photos might have been leaked, including those not publicly shared.
According to Barr, director of engineering at Facebook, users upload photos to Facebook using third-party application software, but have not completed the sharing process. Copies of the photos are kept in the application, so they are obtained by the application concerned.
He apologized to Facebook users for this: Were sorry that this happened. Next week we will work with application software developers to identify affected users and remove leaked photos as soon as possible.
The Facebook team emphasized that the vulnerabilities had been patched and said it would notify and alert potential users, suggesting that they log in to an application that authorized them to obtain their Facebook photos and see which ones were taken.