Facebook has been fined by the Turkish Personal Data Protection Authority (KVKK) for an API bug that exposed personal photos of 300,000 Turkish users. The fine of 1.65 million Turkish lira ($270,000) is in relation to a security incident that Facebook revealed in December 2018.
Facebook stated earlier that a bug in the Photo API might have exposed the photos of 6.8 million users to around 1,500 apps built by 876 developers.
The bug was present in Facebook’s code from September 13 to September 25, 2018, and Facebook assured that there wasn’t any evidence of abuse.
The KVKK said that they have decided to fine the tech giant for failing to react in a timely manner and fix the bug, and also for neglecting to notify Turkish authorities of the incident.
The 1.65 million Turkish lira fine includes 1 million for not fixing the bug in time, and the remaining for failing to notify the KVKK of the API bug’s impact on Turkish users.
The KVKK is also investigating the company for its September 2018 data breach, in which unknown attackers exploited three bugs to steal the personal details of 50 million users which was later adjusted to 30 million.
In March, Turkish media reported that Facebook had filed a 30-page response to the KVKK’s investigation into its September 2018 data breach. This case is still pending and Facebook is soon to face another investigation from the KVKK.
In a latest news it was mentioned that KVKK announced that they have started an investigation into Microsoft’s recently disclosed security breach in which the hackers compromised a Microsoft support agent’s account. The attackers used the account to view information about some users’ accounts, such as e-mail addresses, folder names, the subject lines of e-mails, names of correspondents, and some emails’ contents. The KVKK believes some Turkish users were also affected by the breach.