Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Facebook Admits Privacy Settings ‘Bug’ Affecting 14 Million Users

Facebook acknowledged Thursday a software glitch that changed the settings of some 14 million users, potentially making some posts public even if they were intended to be private.

Facebook acknowledged Thursday a software glitch that changed the settings of some 14 million users, potentially making some posts public even if they were intended to be private.

The news marked the latest in a series of privacy embarrassments for the world’s biggest social network, which has faced a firestorm over the hijacking of personal data on tens of millions of users and more recently for disclosures on data-sharing deals with smartphone makers.

Erin Egan, Facebook’s chief privacy officer, said in a statement that the company recently “found a bug that automatically suggested posting publicly when some people were creating their Facebook posts.”

Facebook said this affected users posting between May 18 and May 27 as it was implementing a new way to share some items such as photos.

That left the default or suggested method of sharing as public instead of only for specific users or friends.

Facebook said it corrected the problem on May 22 but was unable to change all the posts, so is now notifying affected users.

“Starting today we are letting everyone affected know and asking them to review any posts they made during that time,” Egan said.

“To be clear, this bug did not impact anything people had posted before — and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”

Facebook confirmed earlier this week that China-based Huawei — which has been banned by the US military and is a lightning rod for cyberespionage concerns — was among device makers authorized to see user data in agreements that had been in place for years.

Facebook has claimed the agreements with some 60 device makers dating from a decade ago were designed to help the social media giant get more services into the mobile ecosystem.

Nonetheless, lawmakers expressed outrage that Chinese firms were given access to user data at a time when officials were trying to block their access to the US market over national security concerns.

The revelations come weeks after chief executive Mark Zuckerberg was grilled in Congress about the hijacking of personal data on some 87 million Facebook users by Cambridge Analytica, a consultancy working on Donald Trump’s 2016 presidential campaign.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.