A security flaw has made apps accessible to people on Facebook – but never published – by 6.8 million users for a dozen days in September.
The flaw, which has been corrected after 12 days (from 13 to 25 September), only concerns people who have downloaded one or more of these 1500 or so applications and who initially agreed to their use. some of their photos.
Photos published only in Facebook Stories are also affected by this bug, which has hit Facebook’s application programming interface (API).
In a message posted on Friday (New Window) by engineering director Tomer Bar, Facebook said all users who had been exposed to this vulnerability would be notified by the social network. “We’re sorry this is happening,” wrote Tomer Bar.
Starting next week, the group will also offer developers of some 1500 applications a tool to identify users whose photos may have been used without permission.
The revelation of the incident came after a difficult year for Facebook, marked notably by the scandal Cambridge Analytica, linked to the undue use by this British company of personal data of 50 million users of the social network.
Last week, a British parliamentary committee accused Facebook, on the basis of internal documents, of offering “full access to user friend data” platform, although the US giant has announced to have given up the practice in 2015.
The bill could be salted for Facebook in Europe. The European Data Protection Regulation (RGPD), which entered into force last May, obliges companies to disclose any type of incident within 72 hours or face a fine of up to 30 million euros. Canadian dollars, or 4% of their income.