Add another block on the pile of privacy concerns plaguing Facebook users.
The social media giant announced Friday that an API bug in their system exposed the private photos of as many as 6.8 million users to third-party app developers without their permission.
The bug occurred for 12 days – from September 13 to September 25, 2018.
It’s not unusual for third-party apps to have access to user photos. Many apps include this as an opt-in. However, those apps are only supposed to have access to the photos that have been shared on the timeline. In this case, apps received access to photos shared to Facebook Marketplace, Facebook Stories, and photos that had been uploaded to Facebook but not posted.
While the bug only applied to apps that Facebook approved photo API access to, that includes up to 1500 apps made by 876 developers.
Facebook stated in a blog post that they will send a notification to people potentially impacted by this bug, which will lead to a Help Center article on how to view which photos were exposed. They also recommend logging into third-party apps and seeing which photos those apps have access to.