Swati Khandelwal writes:
If you have enabled the automatic Facebook Photo Sync feature on your iPhone, iPad or Android devices, then beware! Hackers can steal your personal photographs without your knowledge.
In 2012, the social network giant introduced the Facebook Photo Sync feature for iPhone, iPad and Android devices which, if you opt in, allows Facebook to automatically sync all your photos saved on your mobile device with your Facebook account.
The photos that you have synced from your phone are automatically uploaded in the background to a private Facebook album, which is not visible to any of your Facebook friends or other Facebook users. However, you can then choose to share photos from the album on your Facebook timeline or send them as a message to a friend.
A bug bounty hunter, Laxman Muthiyah, discovered a critical flaw in the Facebook Photo Sync feature and Facebook API that could allow any third-party app to access your personal photos from the hidden Facebook Photo Sync album.
Read more on The Hacker News.