Facebook exposed up to 6.8 million users’ private photos to developers in latest data leak

Facebook exposed private photos from up to 6.8 million users to apps that weren’t supposed to see them, the company said today. These apps were authorized to see a limited set of users’ photos, but a bug allowed them to see pictures they weren’t granted access to. These included photos from people’s stories as well as photos that people uploaded but never posted (because Facebook saved a copy anyway).

The exposure occurred between September 12th and September 25th. Facebook told TechCrunch that it discovered the breach on the 25th; it isn’t clear why the company waited until now to disclose it. (Perhaps it’s because the company was dealing with a separate and substantially larger breach that it also discovered on September 25th.)

Affected users will receive a notification alerting them that their photos may have been exposed. Facebook also says it’ll be working with developers to delete copies of photos they weren’t supposed to access. In total, up to 1,500 apps from 876 different developers may have inappropriately accessed people’s pictures.

Facebook said the bug had to do with an error related to Facebook Login and its photos API, which allows developers to access Facebook photos within their own apps. All of the impacted users had logged into a third-party app using their Facebook accounts and granted them some degree of access to view their photos.

“We’re sorry this happened,” writes Tomer Bar, engineering director at Facebook. The disclosure comes exactly one day after Facebook opened a pop-up installation in New York to show people how “you can manage your privacy” on the site.

Facebook has been in hot water again and again this year over data breaches and exposures, most notably with Cambridge Analytica. In many cases, the problems haven’t been caused by hackers, but they have stemmed from issues within Facebook itself. The Cambridge Analytica breach happened because of Facebook’s lax oversight of developers and data sharing; today’s issue happened because of another breakdown in communication between Facebook and developers.

Google has already pledged to shut down Google+ over similar issues. Twice this year, the service exposed information inappropriately to developers.

Source: The Verge, Jacob Kastrenakes

 

20 Million Euro Fine For Cyber-Attacks Resulting In The Theft of EU Citizen Data

Caribbean Cyber-Attacks are Increasing

With cyber-attacks rising all across the Caribbean, Andre Thomas, Chief Executive Officer of the CICCD (Caribbean Israel Centre for Cyber Defense), has advised the local authorities in Barbados and the region who are responsible for law enforcement and better legislation to counter this issue.

He revealed yesterday, “There’ve been major hacks recently in the last six weeks. There was a major hack in St. Maarten, another one in Guyana…. We’re aware of hacks taking place all over the region. And they’re mostly under-reported.”

Andre Thomas did not specify which entities came under attack, but he did note that this region is viewed as an easy target by cyber-criminals due to its inadequate cyber-security infrastructure.

While he expressed concern over the unwillingness to report such cyber-incidents, the CICCD official claimed that unsatisfactory training and legislative provisions were some of the reasons for the hindrances.

He added, “[Hacks] are under-reported because our law enforcement agencies, though very passionate and very willing to make a difference in this area, still have areas of development in terms of being able to deal with cyber-crime.

Most of the jurisdictions do not have cyber-crime legislation. Most of the police departments do not have forensic cyber detection capacity. There’s so much that has to be done.”

He promised and guaranteed the organization’s support to aid the region, especially since the General Data Protection Regulation introduced by the European Union will go into effect by the 25th of May, 2018.

Under this regulation, any organization or company will be held legally responsible if personal information that belongs to a business or an EU citizen gets stolen via a cyber-attack. Included in the specifications is a financial penalty which means that the entity would have to forfeit four percent of its inclusive turnover or be fined to a maximum of 20 million Euros.

Source: The Latest Hacking News May 18, 2018

