Skip to main content

7mn Facebook users’ photos exposed

December 16, 2018 | Expert Insights

Facebook has revealed that due to a software bug, nearly 7 million Facebook users’ photos were exposed to a much wider audience than intended. These pictures also included the ones that were hidden or not posted.


Facebook, a social media and social networking site, was launched by Mark Zuckerberg in 2004 along with some of his Harvard roommates. Almost instantly the site was a hit among its users and grew exponentially across the world. As of June 2017, Zuckerberg said that Facebook had two billion users monthly.

Facebook has more than 2 billion monthly active users as of June 2017. Its popularity has led to prominent media coverage for the company, including significant scrutiny over privacy and the psychological effects it has on users.

In May 2017, it emerged that Facebook was a key influencer in the outcome of the 2016 US Presidential election and the Brexit vote, according to those who ran the campaigns. Those in charge of these digital campaigns believe that the social network was decisive in both wins. In the past years, social media, in general, has come under scrutiny for hate campaigns and terrorist propaganda, the presence of bots, and the proliferation of so-called fake news ahead of elections.

Since the start of 2018, Facebook has committed to making significant changes to their platform. In a post on his page on the social network early this month, creator and CEO Mark Zuckerberg said the website was making too many errors enforcing policies and preventing misuse of its tools. Zuckerberg has famously set himself challenges every year since 2009. This year the Facebook creator said his “Personal challenge” is to fix crucial issues with the platform to prevent misuse of the website.


Facebook disclosed that a bug gave outside developers’ broader access to photos of millions of its users that were uploaded but never posted. According to a blog the company posted, around 6.8 million users and up to 1,500 apps were involved in this privacy misstep.

The users who were affected were those who had permitted third-party apps to access their photos through the Facebook login function. However, there is no evidence that the bug led to any large-scale extraction of photos from the site.

When people grant permission for third-party apps to access their photos, they are sharing all the photos on their Facebook page, regardless of privacy settings that are meant to limit a photo to small circles.

The bug potentially gave developers access to even more photos, such as those shared on separate Marketplace and Facebook Stories features, as well as photos that were not posted.

The social networking platform said the users’ photos might have been exposed for 12 days in September.

Guy Rosen, a Facebook vice-president, said at the time: “The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as’, a feature that lets people see what their own profile looks like to someone else.”

A Facebook developer, Tomer Bar said: "Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

These series of incidents of data breaches have eroded the site's user trust. Graham Doyle, a spokesman at the Irish Data Protection Commission, said that "With reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook’s compliance" with Europe’s General Data Protection Regulation


On the contrary, Nate Elliott, an analyst with the research firm Nineteen Insights had expressed that “Even if people don’t trust Facebook, as long as the value that the service provides is worth more than the cost of the privacy violations, then that may be a trade-off most people are willing to make.”

Besides, a Facebook spokesperson said it took a while to determine if the latest breach was something the company was required to report. 


Our assessment is that these series of privacy lapses will further continue to crop up if Facebook is not committed to data privacy. We feel that though Facebook has repeatedly pledged to take action against breaches, these breaches are a cause of concern for many users. We believe that Facebook might feel that it’s larger market share is safe considering that users will weigh the benefit and perhaps overlook some of the issues related to data privacy.