- Facebook found a bug that gave 1,500 third-party apps access to the unposted Facebook photos of 6.8 million users.
- Unposted Facebook photos affected include pictures uploaded to Facebook Stories, Facebook Marketplace, and uploaded photos that were never shared.
- “We’re sorry this happened,” Facebook said in a statement.
Facebook said on Friday in a developer-focused blog post that it had discovered a nasty bug in its photo software.
The bug allowed authorized app programmers to access photos that people had uploaded to Facebook but had not publicly shared.
There are several different kinds of photos someone might have uploaded but not shared, Facebook explained. Photos shared to Facebook’s Marketplace software, or Facebook Stories, are affected by the bug.
“For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo so the person has it when they come back to the app to complete their post,” Facebook said in its statement.
The bug may have affected 6.8 million users, 1,500 apps, and 876 app developers, Facebook said, but users had to give the apps authorization to “access the photo API.” The bug was active for 12 days in September earlier this year.
“We’re sorry this happened,” Facebook said in a statement. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
Facebook has faced an unending string of privacy scandals over the past two years. Developers were able to take and sell the personal data of 87 million Facebook users in what came to be known as the Cambridge Analytica scandal. Facebook said that earlier this year that “most” of Facebook’s users may have had their personal data skimmed by “malicious actors.”
If you’ve been affected by the most recent photo bug, you’ll see an alert on Facebook, the company said in a statement. “We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to,” according to the blog post.