Once again Facebook failed to keep user data safe and secure. Facebook messed up, but users should remember the vulnerability of content shared online.
The social media giant acknowledged Friday morning that a bug had exposed photos of as many as 6.8 million users to third-party developers — even if the photos had never been posted.
The company explained what happened and in a post saying, “We’re sorry this happened,” a response that was quickly lampooned on the Internet. Typically, when a Facebook user grants an app permission to access photos, that access only extends to photos shared on your timeline. Instead, the bug allowed third-party developers access to photos that users had uploaded but not posted as well as images added to Facebook story, marketplace, and other groups.
Although just made public, the bug first went live on Sept. 13 and wasn’t discovered until Sept. 25, the same day it was fixed. That meant that for nearly two weeks, the photos were vulnerable before Facebook even realized there was a problem.
This latest revelation, of course, is only another chapter in a year of bad publicity for the company. Indeed, the same day that the photo bug was discovered, Facebook also learned that hackers had gained access to 30 million accounts.
Earlier in the year, Facebook faced well-deserved criticism for issues ranging from the Cambridge Analytica scandal to a United Nations report that highlighted the use of the social media platform by Myanmar’s genocidal military in addition to questions over the prevalence of fake news, foreign disinformation, and other failure to protect user data.
None of that bolsters user confidence or inspires lawmakers to turn down the heat on criticism of the company’s handling of data, nor should it. Facebook grew quickly and often failed to recognize the consequences of its rapid expansion or keep pace with privacy protections.
But users also cannot assume that rapidly growing and changing companies will always have a firm hold on the Internet landscapes they helped create. To do so would be exceptionally naive.
For users then, in addition to perhaps having another reason to rethink their use of Facebook or third-party applications, the unintended exposure of photos should be a reminder that uploading content to the Internet, especially free services, is always a risk.
Facebook, the government, and just about everyone else online has experienced bugs and breaches. That’s not going to change. The best lesson to draw from these instances is the most basic advice online: Don’t post things you’d regret going public.
