Facebook discloses info on "bug" that allowed apps access to 6.8 million users' non-posted photos

Facebook has released a post to its 'for developers' blog in which it details a new bug that may have exposed the data associated with millions of unwitting users to third parties. These users are those who allow non-Facebook apps access to their photos. However, it seems that an "API bug" has allowed these apps to see all photos uploaded to the company's servers, and not just those added to timelines as intended.

Therefore, these third-party apps may have been able to access photos that users had uploaded to Facebook, but then decided not to share publicly. The apps may also have been able to reach photos posted to non-timeline areas of the social media site, such as Marketplace or Facebook Stories. The blog post, submitted today (December 14) by company representative Tomer Bar, contains estimates that as many as 1,500 apps developed by 876 separate parties may have had this level of access from September 13 through 25.

Bar also reported that this bug may have affected as many as 6.8 million users over this period. He also relayed the company's apologies for the lapse, and a commitment to the provision of support for developers who want to know how many of their apps' users were affected by it and to what extent. The users themselves will also be contacted in order to inform them of this situation via a Facebook Alert. They will be directed to a resource that will enable them to check whether or not apps that they have granted permissions to in the past have seen more photos than they should have.

Source(s)