SoylentNews

MrPlow writes:

Submitted via IRC for SoyCow1984

Facebook has disclosed yet another privacy flub. This time around, it says a bug in the Photo API led to third-party apps being able to access not only timeline photos (which users had permitted them to do), but Stories, Marketplace images and photos people uploaded to Facebook but never actually shared.

"For example, if someone uploads a photo to Facebook but doesn't finish posting it -- maybe because they've lost reception or walked into a meeting -- we store a copy of that photo so the person has it when they come back to the app to complete their post," Engineering Director Tomer Bar explained in a post.

The bug affected as many as 6.8 million people across up to 1,500 apps, Facebook says, and it was active for 12 days before it was detected and fixed on September 25th. Companies are supposed to disclose data breaches within 72 hours under EU General Data Protection Regulation rules, though Facebook told TechCrunch it needed some time to investigate the bug's impact and prepare a notice for affected users in various languages. Still, the delay could land Facebook in hot water with EU regulators.

Source: https://www.engadget.com/2018/12/14/facebook-privacy-bug-photos-timeline-stories-marketplace/

Related: Facebook Keeps Unposted Videos

Original Submission