This week’s theme seems to be API bugs and broken access control. Earlier this week Google announced that it had accidentally exposed people’s private information through its Google+ API (see article here). Now it’s Facebook’s turn: Facebook developers announced that an error in their Photos API allowed external app developers to access photos that users had never actually shared on their timeline, whether Marketplace photos or unpublished images that users decided not to finish posting.
The bug remained active for 12 days in September 2018, and it’s estimated that nearly 6.8 million users were affected. Facebook are trying to assure their users that they are working hard with external app developers to get the private images removed from their systems.
If you wish to read the original Facebook statement please
If you’re a web developer and want to improve your security skills, then check out our Cybersecurity for web developers course.