How to find out if you’re a victim of Facebook’s latest data leak

In the past few days, Facebook has disclosed a bug that has put the images of nearly 7 million users at risk. How to find out if you are a victim

Last week Facebook reported that it had discovered a bug within its API (the code that is used by third-party software developers to integrate their applications into the social) that affects just under 7 million profiles. Because of this bug, external programmers could also access photos not shared publicly by users.

So, as has happened very often in recent months, yet another flaw that would have endangered the data of users of the social network par excellence. Facebook claimed to have fixed the bug and asked the developers to delete the photos in question. But how to know if our profile, and therefore our photos, have been exposed to this umpteenth privacy problem on Facebook?

Facebook tools to warn you about the flaw

Facebook is about to launch a special new help page that will allow users to check if their account is among the 6.8 million exposed to the bug. If our account is not among those affected, then the page in question will show us a message in which Facebook says (and hopefully it's true) that "Your Facebook account has not been affected by this issue and the apps you've been using have not had access to your photos." If, on the other hand, our account is among the 6.8 million profiles affected, things change: Facebook will list all the apps that had the ability to access photos, even if they didn't actually do so. But you have to check for yourself: Facebook recommends logging into all the apps on the list and checking which photos they've accessed, and revoking permission from any app that has raked in too much information about us.

Third-party app problem

Usually when users authorize apps to access their photos, the apps should only be able to see those posted on the user's timeline. With this bug, apps may have also had access to photos shared on the Marketplace, in Stories or on private groups. But that's not all: the bug also allowed apps to access photos uploaded to Facebook but not posted. This is possible because when we upload, but don't publish, a photo the Blue Social keeps it for three days on its servers to give us a chance to publish it later.

This Facebook vulnerability had a specific duration: 12 days, from September 13 to 25, 2018. Then the bug was fixed. There were more than 1,500 apps that had access to our photos and they were made by almost 900 different developers. Just because an app had the ability to see our photos, however, doesn't necessarily mean it did.