To say that Facebook had a rough year in 2018 would be an understatement.
Following the Cambridge Analytica scandal at the beginning of the year, there have been numerous investigations into the misuse of data, potential Russian interference on U.S. elections using Facebook as a tool, and widespread data breaches.
Now, 2018 has ended with another major security issue for the social media giant—a December 28th revelation that user’s photos may have been compromised.
Facebook’s latest update
According to their latest update, Facebook had a bug in its system that allowed third-party developers to view the photos of almost 7 million Facebook users. This didn’t matter if the pictures had been publicly shared or not—the developers were still able to see them.
This security flaw continued for almost two weeks before it was finally closed down. Although Facebook has already set up a page to help you find out if you were affected, they have not yet officially notified those who have been affected by the hack.
Facebook breach disclosed more than three months after it was discovered
The hack was discovered on September 13th and was fixed by September 25th. What seems shocking is that September 25th was the day that the company realized that 30 million accounts had been breached by hackers. While the data breach was made public by the company on September 28th (only three days later), the photo breach took over three months to disclose.
Facebook could be in GDPR breach
The data breach reveal falls under the rules set forth by Europe in the General Data Protection Regulation (GDPR). This requires any data breach dealing with the information of an EU citizen to be disclosed within 72 hours. Facebook, however, argues that it had to spend the three months on the photo disclosure trying to assess if it qualified as a breach, hence the long lag time between discovery and reveal.
How to know if you’re Facebook photos are part of the breach
The biggest indicator of whether you’re at risk in this breach is if you did two things:
- You signed into your apps using Facebook Login; and
- You approved these apps to access your photos.
The last part is really the key. Facebook has informed app developers that the only pictures they should have access to are the ones that you publicly post in your timeline. However, a loophole has allowed them to access all your pictures—public or private, shared or unshared. Pictures that were sent through Messenger don’t seem to have been affected, but they do include pics that were part of other Facebook areas such as Marketplace.
How to protect your Facebook photos
Unfortunately, Facebook has not fully fixed the problem yet. They are currently working on software to help app developers remove the pictures that they have been given unauthorized access to. In addition, Facebook suggests that its users log in and double check what photos are authorized for their apps. If you see something that is out of order, then you can rescind this authorization.
As 2018 comes to a close, you can bet that social media security will continue to be a major issue in the coming year. As more people are added to the billions of users who are already using social media, and as new platforms are being developed to challenge Facebook’s supremacy, the issue of personal privacy and data security will be a hotly contested one.
New Edge Technology Solutions wants to be sure you are aware of the latest in cyber-attacks and help you to become proactive in protecting your information. Find out more about NETS and how we’re protecting businesses every day.