Facebook has revealed that the latest security lapse has exposed the photos of 6.8 million users, including the pictures which were not even posted on the website.
The security bug gave permission to up to 1,500 third-party apps to access the personal photos of the users, from September 13 to September 25, 2018. However, the company says that the bug has been fixed.
“Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos,” the company said in a blog post. “We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018.”
Meanwhile, the company will notify all its affected users.
“We're sorry this happened,” he added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
According to Facebook, the photos which were not posted on the website could have been accessed by third-party apps because it stores a duplicate copy of pictures that were not shared after attempting to upload.
The company is recommending users to log into apps with which they have shared their Facebook photos to check which photos they have access to.