It has been only a few days since Google Plus suffered a security breach, and now it is Facebook's turn. A bug is responsible, according to a statement directly from a Facebook official. Facebook acknowledged that an API bug let developers access unposted images or some images that had not been shared publicly. This error led to the leak of private images from 6.8 million accounts.
Facebook officially acknowledged that the bug enabled developers to see unposted images when requesting the images of public profiles. The application programming interface, which numerous apps use to collect users' public profile data, was affected by an error that gave developers access to hidden photos as well.
This simple bug has compromised more than 6.8 million accounts and more than 1500 apps developed by 876 developers. The API provides the login function for apps that use Facebook as a social login plugin.
Facebook is reportedly working with the developers to delete the images taken from the compromised accounts.
Guy Rosen (a Facebook vice-president) said, “The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as’, a feature that lets people see what their own profile looks like to someone else. It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”