NEW YORK | Facebook’s privacy controls have broken down yet again, this time via a software bug impacting nearly 7 million users who had photos exposed to a much wider audience than intended.
The glitch disclosed Friday allowed hundreds of apps unauthorized access to photos that could in theory include images that would embarrass some of the affected users. They also included photos people may have uploaded but weren’t yet posted, perhaps because they had changed their mind.
It’s not yet known whether anyone actually viewed the photos, but the revelation of the now-fixed problem served as another reminder of just how much data Facebook has on its 2.27 billion users, as well has how frequently these mishaps are recurring.
The bug is the latest in a series of privacy lapses that continue to happen, despite Facebook’s repeated pledges to make its site more secure and do a better job preventing unauthorized access to the pictures, thoughts and other personal information its users intend so share only with friends and family.
Generally, when people grant permission for a third-party app to access their photos, they are sharing all the photos on their Facebook page, regardless of privacy settings intended to limit a photo to small circles such as family. The bug possibly gave developers access to even more photos, such as those shared on separate Marketplace and Facebook Stories features, as well as photos that weren’t actually posted.
Facebook reported the users’ photos may have been exposed for 12 days in September. The company said the bug has been fixed.
The company declined to say how many of the impacted users are from Europe, where stricter privacy laws took effect in May and could subject companies to fines. Facebook said it has notified the Irish Data Protection Commission of the breach.
The issue comes in a year fraught with privacy scandals and other problems for the world’s largest social network.
Revelations that the data-mining firm Cambridge Analytica improperly accessed data from as many as 87 million users sparked congressional hearings and changes in what types of data Facebook lets outside developers access. In June, a bug affecting privacy settings led some users to post publicly by default regardless of their previous settings. This bug affected as many as 14 million users over several days in May.
With each lapse, Facebook risks losing credibility with both its audience and the advertisers whose purchasing generates most of the company’s revenue.
“It’s like they keep getting these chinks in the armor that is causing this trust deficit,” said Michael Priem, CEO of Modern Impact, which places ads for a variety of major brands.
Although Facebook doesn’t seem to be losing a lot of users, Priem said some advertisers have been seeing data indicating that people are spending less time on the social network. That’s causing concerns about whether the privacy breakdowns and problems with misinformation being spread on the services are taking a toll.
But it’s difficult to know how much Facebook’s recent wave of headaches has been affecting the service because its growth, particularly among younger people, had been slowing even before the problems began to crop up, said Nate Elliott, an analyst with the research firm Nineteen Insights.
Advertisers are unlikely to curtail their spending significantly as long as Facebook is able to maintain the current size of its audience, Elliott said. So far there has been little evidence a significant percentage of the users are worried enough about privacy to get off the service.
“Even if people don’t trust Facebook, as long as the value that the service provides is worth more than the cost of the privacy violations, then that may be a trade-off most people are willing to make,” Elliott said.