Facebook announced this morning a bug in its Photo API system that potentially exposed photos to third-party app developers—even if you didn’t post the picture. The bug existed from September 13th thru the 25th.

Facebook今天早上宣布了其Photo API系统中的一个错误，该错误可能会将照片暴露给第三方应用程序开发人员，即使您没有发布照片。 该错误从9月13日到25日存在。

The nuts and bolts are pretty simple here. Facebook offers APIs to app developers to allow them to build additional tools using Facebook as a foundation. One such tool involves the Photos API, which lets developers request access to users’ photos to provide a variety of utilities. When users grant access to their photos, however, it’s generally restricted to timeline photos.

螺母和螺栓在这里非常简单。 Facebook向应用程序开发人员提供API，以允许他们以Facebook为基础来构建其他工具。 其中一种工具涉及Photos API，该API使开发人员可以请求访问用户的照片以提供各种实用程序。 但是，当用户授予对其照片的访问权限时，通常只限于时间轴照片。

This newly-announced Photo bug, however, allowed up to 1,500 apps to access all user photos, including ones shared to Stories or in the Marketplace. What’s more, is that it also allowed these developers to see photos that had been uploaded but never posted—drafts, in other words. If you upload a picture but don’t follow through with posting, it’s automatically saved as a draft (unless you specifically delete it).

但是，这个新发布的“照片”错误最多允许1,500个应用访问所有用户照片，包括共享给Stories或Marketplace中的照片。 更重要的是，它还允许这些开发人员查看已上传但从未发布的照片​​(草稿)。 如果您上传图片但不进行发布，则图片会自动保存为草稿(除非您专门将其删除)。

Facebook claims the bug affected “up to 6.8 million users and up to 1,500 apps built by 876 developers.” Those are some pretty big numbers, and while Facebook has fixed the issue, it’s alarming that it took three months for them to disclose it to its users. This is just another point in a long list of issues Facebook has been dealing with over the last several months.

Facebook声称该错误影响了“多达680万用户和876个开发人员构建的1,500个应用程序。” 这些是相当大的数字，尽管Facebook已解决了该问题，但令人震惊的是，他们花了三个月的时间才将其披露给用户。 这只是Facebook在过去几个月中一直在处理的一长串问题中的另一点。

Facebook said it would notify users who were potentially impacted by this bug with a notification on its network, so keep an eye out for that.

Facebook表示将通过其网络上的通知来通知可能受此错误影响的用户，因此请注意这一点。

via

通过

翻译自: