A post on the Facebook developers blog has revealed that a bug may have allowed third-party apps to access 6.8 million users private photos that had not been posted to the app. The bug was able to do this for 12 days between September 13 to September 25, 2018.
The post explains “When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Stories.
“The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.”
According to the social media site, over 1500 apps were able to access these photos across up to 6.8 million accounts. Facebook is currently working on a solution for app developers to determine who was affected by the bug and will “be working with those developers to delete the photos from impacted users.”
People who may have been impacted were contacted on the Facebook app and site and given options on how to check what apps had access to their photos.
This is just the latest in a series of bugs and data issues that the site has faced in 2018, back in July it was announced that a bug had impacted over 800,000 and unblocked people without permission. Recently it was revealed another bug had allowed hackers access to over 50 million accounts.