Ireland’s data protection commissioner launched an investigation into the newest Facebook privacy breach affecting 6, 8 million people.
The new breach seems to have been caused by a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos. The bug may have allowed up to 1,500 apps get access to private photos held by users on the site.
Facebook has since fixed the bug but, admit that some third-party apps may have had access to a broader set of photos than usual for 12 days between 13 to 25 of September 2018.
“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” engineering director Tomer Bar announced in a message to developers. ”In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.”
It’s been a tough year for Facebook, from the Cambridge Analytica scandal to the Russian meddling in the US presidential election. The Irish data authority now has at least two serious investigations underway into Facebook, the other being the privacy leak in September, which affected 50 million users.
“The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018,” said a spokesman for the Irish watchdog. “With reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook’s compliance with the relevant provisions of the GDPR.”