Unpublished photos of 6.8 million Facebook users may have been exposed


Facebook has reported an API bug that left users' unposted photos accessible to third-party apps. An estimated 6.8 million users may have been affected by the photo exposure.

Notifying our Developer Ecosystem about a Photo API Bug - Developer Facebook
https://developers.facebook.com/blog/post/2018/12/14/notifying-our-developer-ecosystem-about-a-photo-api-bug/

The bug was found by the Google team. Because of the API bug, third-party apps that use Facebook Login were able to access photos on Facebook belonging to users who had granted them photo access. Normally, such apps are only granted access to photos shared on the timeline, but the bug also exposed photos shared on Marketplace and Facebook Stories, as well as photos that had been uploaded to the service but never posted. By design, Facebook keeps a copy of an uploaded photo for 3 days in case the post is not completed.

According to Tomer Bar, an engineering director at Facebook, about 1,500 applications built by 867 developers had access to the photos in total. The exposure could occur only when a user granted photo access to an application that Facebook had approved to use the photos API, and the number of affected Facebook users is estimated at up to 6.8 million.

Facebook will notify people whose photos may have been exposed through an alert on Facebook. From the link in the notification, you can check whether you are using an application affected by the bug.

in Web Service, Security, Posted by darkhorse_log