Recently Facebook fessed up to a bug

The bug, in Facebook's photo API, exposed photos belonging to nearly seven million of the company's users to app developers.

The way the photo API is supposed to work is as follows:  When you give an app permission to access your Facebook photos, that app is only supposed to gain access to the ones you've posted on your timeline.

Photos secured?

The photos you've uploaded but have not shared are supposed to be strictly off limits.

Unfortunately, that's not the case at all.  According to a statement released by the company, some fifteen hundred apps controlled by 876 developers had access to every photo that users of those apps had uploaded to Facebook, whether they were a part of that user's timeline or not.

The company reports that the bug has now been fixed, but those app developers had access to all photos between September 13th and September 25th of 2018.

We are only hearing about it now?

The obvious question is: if the company knew about the issue back in September, and they've already fixed it, why is it that we're only hearing about it now?

The company's explanation is both thin and weak. A Facebook spokesman simply stated that it took time to investigate the matter, including finding out which apps and users were impacted by the bug and then building the warnings (including translations into multiple languages) for the potentially impacted users.

Be that as it may, the standard protocol for such incidents has been immediate notification, followed by ongoing investigation, and sending out official notices to impacted parties.

Facebook issued a standard, terse apology, but has not offered any additional explanation as to why the disclosure was such a long time coming.  It's unlikely that we'll get an explanation beyond the one already given, unsatisfying or not.

Our perspective

This is but the latest in a long stream of similar "incidents" the company has reported on in recent months.  One wonders how many more terse apologies we'll be seeing in the months ahead.

The author

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects, specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. I also provide small business technology education programs through business and professional associations.
