Facebook disclosed on Friday that a bug may have affected up to 6.8 million users, allowing app developers to see photos that users had uploaded but never posted – but this was hardly the first mea culpa the social media giant has had to send out regarding data and security as of late.

Here’s a quick look at Facebook’s recent issues with user privacy:

A whistleblower came forward in March to reveal that Cambridge Analytica improperly harvested the personal Facebook data of 50 million people in order to profile and target users for political advertisements. After five days of silence, Mark Zuckerberg apologised for his company’s “mistakes”.

A bug in June caused a glitch that made public posts which 14 million users had intended to be private. Erin Egan, Facebook’s chief privacy officer, apologised for the “mistake” and said the company had since fixed the glitch.

Hackers were able to access and steal personal information in nearly half of the 30 million accounts affected in a September security breach. The company initially believed that 50 million users were affected in an attack that gave the hackers control of accounts.

Mark Zuckerberg faced accusations in a lawsuit filed by the software firm Six4Three in May that he “weaponised” the ability to access user data. The company has rejected all such claims and has repeatedly made motions to have the case dismissed.

It was this same lawsuit that led to a cache of internal communications coming out after the UK parliament obtained the documents in an extraordinary move to hold Facebook and Zuckerberg accountable. The documents were under seal by a California court, and Facebook’s attorneys and the judge in the case have both criticised Six4Three’s legal team for turning over the confidential papers.

These documents revealed that Facebook staff did discuss selling access to user data to advertisers in 2012 before deciding to restrict such access two years later.

The documents also led to Facebook finally agreeing to a hearing in front of the House of Commons, which took place in November. Facebook sent a representative, the former Liberal Democrat MP Richard Allan. During hours of questioning, it was revealed that an engineer had warned the company in 2014 that users apparently based in Russia were collecting large amounts of data each day. A company spokesperson later commented that the matter was properly investigated and deemed not a data breach.

In March, users realised that the company had collected text messages and phone call records through smartphone apps without their consent. Facebook immediately issued a “fact check” claiming “people have to expressly agree to use this feature” and “uploading this information has always been opt-in only”. But the “fact check” did not acknowledge that some previous notification screens did not warn users that call and text history would be uploaded.

This has since led to a class-action lawsuit alleging that, in doing this, Facebook “presents several wrongs, including a consumer bait-and-switch, an invasion of privacy, wrongful monitoring of minors and potential attacks on privileged communications”. Facebook has said it asks for users’ permission to enable the feature that gives access to call logs.