Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Says A Bug May Have Exposed The Unposted Photos Of Millions Of Users (buzzfeednews.com)

Posted by msmash on from the weekly-Friday-security-disclosures dept.

A day after hosting a pop-up store in New York City's Bryant Park to explain how privacy is the "foundation of the company," Facebook disclosed that a security flaw potentially exposed the public and private photos of as many as 6.8 million users to developers. From a report: On Friday, the Menlo Park, California-based company said in a blog post that it discovered a bug in late September that gave third-party developers the ability to access users' photos, including those that had been uploaded to Facebook's servers but not publicly shared on any of its services. The security flaw, which exposed photos for 12 days between Sept. 13 and Sept. 25, affected up to 1,500 apps from 876 developers, according to Facebook.

"We're sorry this happened," Facebook said in the post. "Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users." Facebook has not yet responded to questions about whether company representatives staffing its privacy pop-ups yesterday were aware of this security flaw as they were meeting with reporters and customers to discuss privacy. Further reading: Facebook's lead EU regulator opens probe into data breach.

29 of 51 comments (clear)

  1. If you don't want it on the internet... by tmshort · · Score: 4, Insightful

    Don't post it to the internet!

    1. Re:If you don't want it on the internet... by Lucas123 · · Score: 1

      This.

    2. Re:If you don't want it on the internet... by ConceptJunkie · · Score: 1

      Agreed. Many of life's problems go away if you are not an idiot.

      --
      You are in a maze of twisty little passages, all alike.
    3. Re:If you don't want it on the internet... by Bradac_55 · · Score: 1

      To further compound the problem at least half of the worlds population is idiots (yes I'm being generous).

    4. Re:If you don't want it on the internet... by AndrewFlagg · · Score: 1

      that was an undocumented feature and by design. i see that all the time. its just gets reclassified as a bug when other eyes notice it and raise it as a bug.

    5. Re:If you don't want it on the internet... by sacrilicious · · Score: 2

      Don't post it to the internet!

      Let's not lose sight of the fact that it's not "the internet" that completely screwed the pooch here, it is *specifically* Facebook, and their long history of leaks, "oopses", non-apologies, etc is going to go on because their whole business model is premised on gathering and selling private data, and they have even less decency than most.

      My version of this advice would be "Choose a much better partner than Facebook in your quest for control over your data."

      --
      - First they ignore you, then they laugh at you, then ???, then profit.
  2. Accidentally on Purpose by Oswald+McWeany · · Score: 1

    Is it just me as the perennial skeptic, or does it almost seem like facebook has a leak or a revelation about something way too often for it to be accidental. It's almost like they're "accidentally on purpose" doing things so that they stay in the news and people don't forget about them.

    No news is bad news right? Let's leak some photos so we can patch the bug next week and stay in the news. They wouldn't do that right? Or would they?

    --
    "That's the way to do it" - Punch
    1. Re:Accidentally on Purpose by Bobrick · · Score: 1

      Hi, we're very sorry about having a leak or a revelation about something way too often for it to be accidental. We promise we'll do better in the future. Starting this week, we'll be rolling out new tools for developers to have less leaks or revelations about something too often for it to be accidental.

    2. Re:Accidentally on Purpose by Impy+the+Impiuos+Imp · · Score: 2

      Journalists should follow the money, for people looking to sell fb short, or waiting for it to drop as a buying opportunity.

      I first realized this when, the same week Taser went public, suddenly there was a big story about tasers killing people.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    3. Re:Accidentally on Purpose by rtb61 · · Score: 1

      This is worse story that Facebook is trying to make it look. Those private photos, could be exceedingly private, as in personally pornographic in nature. There are laws against publishing explicit personal photos of inviduals, Facebook has factually broken those laws and should face full criminal penalties.

      Remember when all of a sudden a series of web sites banned porn not long back, guess why the panic. Well at what age do females start to feel the urge for expensive clothing, makeup, jewellery and of course shoes and at what age do they start getting targeted by intense marketing and how do you get that money. Now you have the very humorous thot troll, dob in a thot to the IRS and the big reaction by thots to that would have trigger an IRS internal investigation. So a review uncovers the age of many of the upcoming self publishing porn producers and wham a lot of those social media sites that allow users to earn money with posting, well, where allowing the publishing of really troublesome content, for which don't pass GO, no $200, straight to jail they should have gone.

      You can start to see where this would be extremely troubling for Facebook.

      --
      Chaos - everything, everywhere, everywhen
  3. Another NSA-serving "bug".. by Anonymous Coward · · Score: 1

    Oh darn. Oopsie!! Such accidental!

  4. Its always a bug now by Anonymous Coward · · Score: 1

    I'm sure it was just a bug Facebook. Their all bugs aren't they? So glad I decided to part ways with Facebook, probably should have never signed up to begin with.

  5. I just bought Blackmail stock by nospam007 · · Score: 1

    I'll be so rich.

    1. Re:I just bought Blackmail stock by Aighearach · · Score: 1

      I tried to, but I ended up with BLCM and it was a total dud.

      Reminds me of the time my friend recommended Cysco to her grandma, and she bought Sysco instead.

      Except, Sysco was a good buy.

  6. Proper etiquette by ConceptJunkie · · Score: 1

    You know, it's proper etiquette to provide a torrent link for stories like these. j/k

    I'm almost becoming inured to these data leak stories. I use Facebook, but I would never post photos that I would care about being made public... that's why I put them up there. If anyone is interested in looking at some big, doughy white guy, and the food he cooks, more power to them. I figured out 25+ years ago that I simply wouldn't post anything online that I wouldn't want to see on the front page of something like Reddit, or that I wouldn't want my Mom to see.

    I'm more concerned about organizations like Equifax, who seem to have suffered no significant effects from leaking important information about practically every adult in the country that could seriously affect people's lives.

    --
    You are in a maze of twisty little passages, all alike.
  7. Amateur Web Site at Best by Anonymous Coward · · Score: 1

    Facebook increasingly resembles some amateur web site (filled w home pages) run by beginners who overstate their technical skills

    1. Re:Amateur Web Site at Best by TWX · · Score: 2

      A little secret for you, the bulk of IT is run by beginners who not only overstate their technical skills, they also personally overvalue their technical skills. In short, they don't really understand how poor their skills are.

      Now consider that as a basic starting point for a developed platform, then factor it in with the software running on that platform, for the higher-level protocols that let that software communicate, and for the staff that maintain the systems, and one can see why breaches are so damn common.

      --
      Do not look into laser with remaining eye.
    2. Re:Amateur Web Site at Best by Aighearach · · Score: 1

      It is what Geocities would have been if they implemented chat.

  8. Common file sharing hack is this by 140Mandak262Jamuna · · Score: 1
    Unposted messages and photos are used to share information privately as a sort of ad-hoc drop box.

    People share log-ins and save things as draft for the party to read. Some under the impression it is really private. I was shocked to see some General commanding our troops in Afghanistan using it to share notes with some lady he was having an affair with. Talk about blackmail vulnerability!

    So impact of this bug is going to be quite big.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  9. It wasn't even posted though... by SuperKendall · · Score: 3, Interesting

    The thing is, these were images that were not technically posted.

    It's interesting because Flickr has a feature that makes me wonder, where you can keep your whole camera roll uploaded - it's not made public, just stored.

    Given this Facebook breach, keeping private photos like that on Flickr seems like it may be a bad idea as well... if you have anything you would mind being leaked anyway.

    I wonder at what point private photo leaks will significantly start impacting politics (maybe they are already).

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  10. So they ask for your nudes..... and then... by Puls4r · · Score: 2

    https://www.independent.co.uk/...

    So they want us to upload nude photos to stop revenge porn, then they allow access to all these other photos. Ho boy.

  11. "privacy is the foundation of the company" by thomn8r · · Score: 1

    Best joke I've hear all week! Oh, you mean monetization of privacy; ok, that makes more sense.

  12. The more we learn about Facebook... by QuietLagoon · · Score: 1

    ... the worse Facebook looks.

  13. Re:Huh? by Impy+the+Impiuos+Imp · · Score: 1

    The entire purpose of Facebook is to collect and sell your data, and nothing Zuckerberg has ever done supports the conclusion that privacy is the 'foundation' of Facebook.

    Not quite nothing. The advantage it gave over MySpace that let it overwhelm it was that you could limit views to your friends.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  14. The Antonym by Anonymous Coward · · Score: 1

    RE: privacy is the "foundation of the company"

    Are they so accustomed to lying that they can keep a straight face now when they say things like this?
    Facebook is the antonym of Privacy! They've always been the last to adopt any security practices, and only when forced.

  15. transitivity retainer by epine · · Score: 1

    Does Facebook's genie-stuffing operation also extend to Facebook partners whose own security melted down while they were in possession of illicit private-image contraband (and their partner's partners, too, et al and sundry)?

    If so, they might want to maintain the CDC on a warm and cozy legal retainer (and the CDC might want to base itself in a larger home city—there are some things Atlantis just can't do).

  16. "May Have" by Greyfox · · Score: 1

    They mean "did."

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  17. Re:Wait, what? by Aighearach · · Score: 1

    This shows that even if you thought about posting something to the cloud, but decided to click "cancel" instead, it might already be too late!

    Even just thinking about posting something to facebook is enough for it to leak out into public. Yikes.

  18. Checking the URL.... by ZoomieDood · · Score: 1

    Hmmm... Slashdot. News for Nerds...

    Wait. Facebook lacking privacy of users' info?

    This isn't NEWS! It's SOP.