Facebook revealed on Friday that a bug in its platform may have allowed third-party apps to have access to a broad range of user photos, including pictures that users uploaded to Facebook but did not share.
Facebook said in a statement on its website that the bug may have affected 6.8 million users and up to 1,500 apps between Sept. 13 and Sept. 25. The company did not say when it discovered the issue.
“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” Facebook wrote. “In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. The bug also impacted photos that people uploaded to Facebook but chose not to post. For example, if someone uploads a photo to Facebook but doesn't finish posting it - maybe because they've lost reception or walked into a meeting - we store a copy of that photo so the person has it when they come back to the app to complete their post."
The social media company said it will put out tools next week for the app developers to see which users were impacted by the bug, and it will help those developers delete the exposed photos.
Facebook said it will also notify its users who were potentially affected with a Facebook alert. It also encouraged people to visit the Help Center to see if they or apps they use were affected.
The problem comes in a year fraught with privacy scandals and other problems for the world's biggest social network. Revelations that the data-mining firm Cambridge Analytica improperly accessed data from as many as 87 million users led to congressional hearings and changes in what sorts of data Facebook lets outside developers access. In June, a bug affecting privacy settings led some users to post publicly by default regardless of their previous settings. This bug affected as many as 14 million users over several days in May.
On Thursday, to counter the bad rap it's gotten around privacy as of late, Facebook hosted a one-day "pop-up" to talk to users about their settings and whatever else may be on their mind. Chief Privacy Officer Erin Egan was on hand to answer questions. Asked by a reporter what grade she'd give Facebook for its privacy work in the past year, she said "B." By 2019, she said she hopes the improvements will result in an "A."
Privacy experts might call it grade inflation. In any case, the company has its work cut out before it makes the perfect grade.
With two more weeks left of the year, it's possible there's still time for another privacy kerfuffle at Facebook.
The Associated Press contributed to this report.