Skip to main content
  1. Home
  2. Computing
  3. News

Latest Facebook bug exposed up to 6.8 million users’ private photos

By
Add as a preferred source on Google
Image used with permission by copyright holder

With the latest Facebook API bug, up to 6.8 million consumers on the social network had their private photos inappropriately exposed to third-party apps. Though the issue has since been fixed, some of the apps had access to photos for the 12 days between September 13 and September 25.

Users impacted had already authorized and granted special permissions to these apps to access content from their Timeline, but the bug led developers to access photos that were uploaded but never yet posted on the Marketplace or Facebook Stories. Though Facebook isn’t specifically giving names, it says up to 1,500 apps from 876 developers were affected. Facebook also notes it had approved photos API access for these apps, issuing an apology promising more change.

Mockup of the alert (Image via Facebook) Image used with permission by copyright holder

“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users,” said Tomer Bar, engineering director at Facebook.

Recommended Videos

Facebook will be alerting impacted consumers with a notification, which will then direct them to the Help Center where they can see if they’ve used any apps that were impacted by the bug. It also is recommended for consumers to individually log into apps to check and see if they’ve wrongfully obtained any photos permissions. A sample notification and interface of what consumers will end up seeing can be seen to the left.

It is not clear when Facebook first was made aware of this API bug. TechCrunch reports that Facebook discovered and fixed it on September 25, but took its time to investigate so it can warn impacted users. That report also makes it clear that photos shared through Facebook Messenger were not impacted.

This would not the first Facebook-related problem in recent months. Back in November, hackers were attempting to sell 120 million private Facebook messages, though that was related to third-party extensions. Before that, up to 50 million accounts were also compromised due to a flaw in access tokens and the “View As” feature. The social media website also apparently knew about Russia data harvesting on its platform since 2014, according to seized documents.

Arif Bacchus
Arif Bacchus
Former Computing Writer
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Topics
Razer’s new Blade 18 gets Arrow Lake refresh and a modest $3,999.99 starting price
For $3,999.99, you get the base model with Nvidia RTX 5070 Ti. A 5090 variant is available, too.
Razer Blade 18.

Razer has officially unveiled the 2026 Blade 18 today, and at the heart of all three configurations is an Intel Arrow Lake processor. 

I’m talking about the Core Ultra 9 290HX Plus, which features 24 cores, up to 5.5GHz clock speed (with boost), 36MB cache, and an onboard NPU that delivers up to 13 TOPS of compute power. 

Read more
Windows 11 will clean up its own driver mess so you don’t have to
Say goodbye to the nightmare of hunting down broken drivers after a bad Windows update.
Surface laptop on wooden table

It seems that Microsoft is keeping up its promise of making Windows 11 better. After introducing a new low-latency mode that speeds up app launches and an update that fixes the RAM memory leak issue, the tech giant is testing a new feature that addresses one of its most prominent problems. 

The new feature is called Cloud-Initiated Driver Recovery, and it can automatically roll back a broken driver that was pushed to your PC through Windows Update. 

Read more
After flubbing with Siri, Apple plans to host AI agents on the App Store
One problem is about money Apple won't commit to not charging. The other is about AI agents Apple can't figure out how to control. WWDC needs to solve both.
Electronics, Mobile Phone, Phone

Apple is currently facing a Siri problem that has nothing to do with Siri at all. With WWDC 2026 just weeks away, The Information reports the company is actively courting developers to integrate their apps with the new Siri coming in iOS 27. 

The mechanism powering the overhauled Siri, App Intents, is an API that lets Siri execute actions inside third-party apps without you actively opening them, which sounds quite useful, I’d say. However, some of the world’s largest developers are dragging their feet on it, not because it’s tough, but because Apple left the door open on charging for it later.

Read more