Facebook apologized Friday for a "bug" that may have exposed unposted photos from as many as 6.8 million users over a 12-day period through third-party applications. In the latest in a string of incidents on data protection, the leading social network said using Facebook login and granting permission to third-party apps to access photos may have led to the unintended lapse between September 13 and 25.
"When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline," engineering director Tomer Bar said in a message to developers. "In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories."
Bar added that the bug also impacted photos that people uploaded to Facebook but chose not to post - in situations where someone uploads a photo but doesn't finish posting it, for example. "We store a copy of that photo so the person has it when they come back to the app to complete their post," he said. Bar said affected users would be notified and directed to a help center where they will be able to see what images may have been affected.