Private Photo Exposure
Facebook has privacy settings that allow users to restrict who can see their content. But last year, buggy code within Facebook’s Photos API may have allowed developers to view user photos — even if those pictures were set to private mode. The company added that some developers could see photos that weren’t uploaded at all.
All in all, the buggy photo code impacted the photo privacy of about 6.8 million users. Specifically, it affected users who had given access to about 1,500 third-party apps made by 876 different developers. While Facebook worked quickly to patch the flaw once it discovered it, the vulnerability was still active for a full 12 days in September 2018.