New bug exposes private photos of millions of Facebook users.
Third-party apps gained access to private files
NEW YORK — Facebook’s privacy controls have broken down yet again, this time through a software flaw affecting nearly 7 million users who had photos exposed to a much wider audience than intended.
The bug disclosed Friday gave hundreds of apps unauthorized access to photos that could in theory include images that would embarrass some of the affected users. They also included photos people may have uploaded but hadn’t yet posted, perhaps because they had changed their mind.
It’s not yet known whether anyone actually saw the photos, but the revelation of the now-fixed problem served as another reminder of just how much data Facebook has on its 2.27 billion users, as well has how frequently these slipups are recurring.
The bug is the latest in a series of privacy lapses that continue to crop up, despite Facebook’s repeated pledges to batten down its hatches and do a better job preventing unauthorized access to the pictures, thoughts and other personal information its users intend so share only with friends and family.
In general, when people grant permission for a third-party app to access their photos, they are sharing all the photos on their Facebook page, regardless of privacy settings meant to limit a photo to small circles such as family. The bug potentially gave developers access to even more photos, such as those shared on separate Marketplace and Facebook Stories features, as well as photos that weren’t actually posted.
Facebook said the us-