A photo API bug may have affected 6.8 million Facebook users who gave permission for third-party apps to access their photos, according to a post by the company on Friday (Dec. 14).
“We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between Sept. 13 to Sept. 25, 2018,” the post said.
The company explained that when a person gives an app permission to access Facebook photos, it usually includes only photos on a person’s timeline. However, the bug gave developers more access than usual, and Marketplace and Facebook Story photos were available to these third-party apps.
The bug also affected people’s drafts – photos they may have uploaded but decided not to post. Facebook said it keeps a copy of those photos for three days, in case the person decides to finish the post.
In addition to exposing 6.8 million users, the bug also affected up to 1,500 apps by 876 developers. The affected apps were all approved by Facebook to use the photo API, and had authorization from people using the apps.
“We’re sorry this happened,” the company said. “Early next week, we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
The social media giant said it would notify people who might have been affected by the bug through a Facebook alert. The alert will send users a special Help Center link, where they can find out if they have interacted with any apps altered by the bug.
Facebook has had a few privacy scandals over the past year. In March, news came out that Cambridge Analytica used data from Facebook to influence the 2016 election, and in September, the company said there was a security breach that affected up to 50 million users, which sent the company’s stock price tumbling 2.5 percent.