The Turkish Personal Data Protection Authority fined Facebook $270,000 for the Photo API bug that exposed personal photos of 300,000 Turkish users.
The Turkish Personal Data Protection Authority (KVKK) has fined Facebook 1.65 million Turkish lira ($270,000) for the Photo API bug that exposed personal photos of 300,000 Turkish users.
In December, Facebook announced that photos of 6.8 Million users might have been exposed by a bug in the Photo API allowing third-party apps to access them. The bug impacted up over 870 developers, only apps granted access to photos by the user could have exploited the bug. According to Facebook, the flaw exposed user photos for 12 days, between September 13 and September 25, 2018.
KVKK fined the social network giant for failing to quickly address the issue and for neglecting to notify Turkish authorities of the incident. The fine is composed of 1 million for failure to address the issue in time, while the rest is for failing to notify the KVKK of impact on Turkish Facebook users.
The Turkish KVKK is also investigating Facebook Facebook hack that in September 2018 exposed access tokens of 50 Million Users.
This means that the KVKK Facebook may fine again the social network.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.