Facebook Discovers Yet Another Data Access Bug, Exposing User Content
Facebook has reported yet another data access issue, this time relating to photos shared - and even not shared - via The Social Network.
As explained by Facebook:
"Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos. We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018."
The issue may have opened up access to your images on Facebook, including anything posted to Stories or Marketplace. But Facebook also notes that the bug could have granted access to images you hadn't shared:
"For example, if someone uploads a photo to Facebook but doesn't finish posting it - maybe because they've lost reception or walked into a meeting - we store a copy of that photo for three days so the person has it when they come back to the app to complete their post."
Facebook says the issue could have affected up to 6.8 million users, and up to 1,500 apps built by 876 developers. As noted above, they've now fixed the issue, but investigations into the actual impact will take some time.
Affected users will soon receive this message:
The issue is the latest of Facebook's various data breaches and related misuse concerns in 2018 - of which there have been plenty.
As a reminder:
- Facebook started the year scrambling to explain itself following the Cambridge Analytica revelations, within which the political activist group was found to have used in-depth Facebook data to target ads to voters. The issue lead CEO Mark Zuckerberg to make 'fixing Facebook' his top priority for the year, and put the issue of Facebook data access into the spotlight. Facebook has since rolled out a range of new privacy tools and data access measures to counter misuse.
- In June, Facebook identified a bug which automatically changed the default audience for 14 million users’ posts to 'Public', even if the user had previously had the default set it to friends only or similar. Facebook quickly corrected the issue and informed affected users.
- In July, Facebook identified yet another bug, this time in Messenger, which may have enabled previously blocked users to see content from those who'd blocked them. Again, Facebook corrected the error and informed around 800,000 affected users.
- In August, Facebook banned a cluster of around 32 Pages and accounts which were linked to activist groups, believed to be in Russia.
- Also in August, Facebook detected and removed another group, consisting of around 254 Pages, and 276 accounts, found to be participating in “coordinated, inauthentic behavior” on the platform.
- In September, Facebook identified another security issue affecting almost 50 million accounts. In this incident, attackers exploited a vulnerability in Facebook’s code which enabled them to steal Facebook access tokens, which they could then use to take over people’s accounts.
- In October, investigations found that Facebook's new political ad restrictions could be easily manipulated, opening up another area of concern for the company.
Individually, each of these issues are a significant concern in themselves, but cumulatively, you can see why calls for Facebook to come under more stringent regulation are getting louder - with so many potential impacts, it's logical that government bodies are raising concerns. But the question is, what do they do? What comes next for Facebook on the regulation front in 2019?
Some have predicted that Facebook will indeed face more enforcement on transparency, while others have predicted that some Governments may follow China's lead and ban The Social Network outright. That would be a major blow for The Social Network and it's grand ambitions to 'connect the world'. There's nothing to suggest that this is going to happen as yet, and Facebook is seeking to be as transparent as possible, and to fix its various issues. But new problems keep coming up, and will likely continue, given Facebook's scale and reach.
As such, 2019 is shaping up as a transformative year for the platform. Facebook's already working hard to rebuild its image, and maintain user trust, but in 2019, it will likely need to take such efforts to new heights, or face significant losses, in terms of both users and in more restrictive policies.
We're already, potentially, seeing the impacts to some degree - in its latest earnings report, Facebook's active user numbers declined in Europe, and remained flat in the US. As a company, Facebook is still going strong - it is still adding users overall on its main platform, and it has Instagram, Messenger and WhatsApp, which are all also on the rise. But any regulation could impact them too, and Facebook knows that these issues could mean much more than just a lack of faith from users.
Regulatory impacts, and Government restrictions, could hurt the company in a big way, and while it may seem unassailable, as the biggest social media company in the world, Chinese social media giant Tencent is also moving into western markets. Tencent will likely face regulations of its own, but the potential disruption adds another element to consider in the broader Facebook privacy debate.
Make no mistake, this is a major issue for Facebook, and it's unlikely to blow over any time soon. A key area to watch as we move into the new year.
Follow Andrew Hutchinson on Twitter