Facebook announced Friday that it had discovered a bug that allowed outsiders access to private photos, potentially affecting some 6.8 million people who use the service. “We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual,” Tomer Bar, an engineering director at the company, said in a blog post.
The announcement is the latest in a string of problems the social network has had with consumer data. In March, The New York Times reported that Cambridge Analytica, a third-party firm, harvested the data of Facebook users without their express knowledge or consent. And in September, a separate, more serious breach gave hackers full access to the Facebook accounts of tens of millions of users.
Facebook has pledged to better protect user information.
“If we cant, then we dont deserve to serve you,” Mark Zuckerberg, the companys chief executive, said in a note to users this year.
This most recent incident is somewhat less severe than previous ones. Around 1,500 third-party apps had access to users uploaded photos — even if they had not posted them publicly to Facebook — from Sept 13 to Sept 25.
But it is still another headache for Facebook, which has faced intensifying scrutiny from regulators and the public after a year of embarrassing failures to protect customer data.
“Were sorry this happened,” Bar added.
In Europe, regulators signalled growing displeasure with Facebooks privacy policies. The companys main data-protection regulator in the European Union said Friday that the mounting number of problems require a deeper investigation.
The Irish Data Protection Commission said it started an inquiry this week after receiving “a number of breach notifications from Facebook” over the past six months. Under the new European privacy law, known as the General Data Protection Regulation, or GDPR, the investigation could lead to a fine of up to 4 percent of Facebooks global revenue, or about $1.63 billion. The regulator can also require Facebook to change how it processes data in the region.
“We have this week commenced a statutory inquiry examining Facebooks compliance with the relevant provision of the GDPR,” the Irish Data Protection Commission said in a statement.
The regulator started another investigation after Facebook disclosed the data breach in September. Ireland is the lead privacy watchdog of Facebook in the European Union because the companys European headquarters is in Dublin.