Facebook says bug wrongly gave third-party apps access to photos of up to 6.8M users

Facebook said Friday that a bug gave as many as 1,500 third-party apps access to photos of 6.8 million users.The breach occurred for 12 days — from Sept. 13 to Sept. 25, the social media giant revealed in a blog post."When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline," the company wrote. "In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories."The bug also impacted photos that people uploaded to Facebook but decided not to post, the company said."For example, if someone uploads a photo to Facebook but doesn't finish posting it — maybe because they've lost reception or walked into a meeting — we store a copy of that photo so the person has it when they come back to the app to complete their post," the company wrote.Facebook said they fixed the bug and plan to notify affected users."The notification will direct them to a Help Center link where they'll be able to see if they've used any apps that were affected by the bug," the company wrote.The company also recommends people log into any apps with which they have shared their Facebook photos to see which photos the app can access.

Facebook said Friday that a bug gave as many as 1,500 third-party apps access to photos of 6.8 million users.

The breach occurred for 12 days — from Sept. 13 to Sept. 25, the social media giant revealed in a blog post.


"When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline," the company wrote. "In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories."

The bug also impacted photos that people uploaded to Facebook but decided not to post, the company said.

"For example, if someone uploads a photo to Facebook but doesn't finish posting it — maybe because they've lost reception or walked into a meeting — we store a copy of that photo so the person has it when they come back to the app to complete their post," the company wrote.

Facebook said they fixed the bug and plan to notify affected users.

"The notification will direct them to a Help Center link where they'll be able to see if they've used any apps that were affected by the bug," the company wrote.

The company also recommends people log into any apps with which they have shared their Facebook photos to see which photos the app can access.