Facebook confirms privacy settings glitch in a new feature exposed private posts of 14 Million users

8.6.18 securityaffairs Social

Facebook admitted that a bug affecting its platform caused the change of the settings of some 14 million users, potentially exposing their private posts to the public.
This is the worst period in the history of the social network giant that was involved in the Cambridge Analytica privacy scandal that affected at least 87 Million users.

“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time,” said Erin Egan, Facebook’s chief privacy officer.

“To be clear, this bug did not impact anything people had posted before—and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”

According to Facebook, the glitch affected some of its users that published posts between May 18 and May 27 because in that period of time it was implementing a new feature for the sharing of data such as images and videos.

Evidently, something went wrong, and the overall private messages were shared as public by defaults.

The social network giant confirmed to have corrected the bug on May 22, but it was unable to change the visibility of all the posts.

The company is now notifying affected users apologizing for the technical issue.

This is the last embarrassing case that involved Facebook in the last weeks, in April, researchers from Princeton researchers reported that the Facebook’s authentication feature “Login With Facebook” can be exploited to collect user information that was supposed to be private.

Early this week, Facebook confirmed that its APIs granted access to the data belonging to its users to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung so that they could implement Facebook messaging functions.

The Chinese vendor Huawei was one of the device makers authorized to use the API, the firm, in May the Pentagon ordered retail outlets on US military bases to stop selling Huawei and ZTE products due to unacceptable security risk they pose.

Facebook highlighted that the agreement was signed ten years and that its operated to prevent any abuse of the API.