Facebook revealed on Friday that a bug in its platform may have allowed third-party apps to have access to a broad range of user photos, including pictures that users uploaded to Facebook but did not share.
Facebook said in a statement on its website that the bug may have affected 6.8 million users and up to 1,500 apps between Sept. 13 and Sept. 25. The company did not say when it discovered the issue.
“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” Facebook wrote. “In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn't finish posting it – maybe because they've lost reception or walked into a meeting – we store a copy of that photo so the person has it when they come back to the app to complete their post."
The social media company said it will put out tools next week for the app developers to see which users were impacted by the big and it will help those developers delete the exposed photos.
Facebook: To Delete or Not to Delete?
Facebook said it will also notify its users who were potentially affected with a Facebook alert. It also encouraged people to visit the Help Center to see if they or apps they use were affected.