Facebook Bug Update: 6.8 Million Users May Have Had Photos Exposed Due to API Bug

The notice Facebook users who may have been hit by an API bug in September will see if they were affected. Facebook

Facebook revealed Friday that 6.8 million users may have been affected by a bug that made their personal photos available to third-party apps. The bug meant that developers may have had access to photos that were not shared to user's timelines and instead were shared to Marketplace or to Stories.

The third-party apps had access to the photos during the period between September 13 and 28 of this year, Facebook said it then fixed the glitch. A release posted to the Facebook developers blog explained what happened and said the company would be releasing tools to help developers know who, if anyone, on their app, was affected by the bug.

Up to 1,500 apps from 876 developers may have been hit. To have been affected, users would have had to use the log in feature and grant the third-party app access to their photos. Normally this would only give the app access to photos that had been published to the user's timeline, but other photos were exposed as well. Even photos that users had uploaded to Facebook but never posted may have been exposed.

"We're sorry this happened," said the post from Facebook about the bug. "We will be working with those developers to delete the photos from impacted users," said Facebook.

Users will be notified in addition to the app developers. Users will get a notification on Facebook if they were affected by the bug, and that notification will provide a link to the Help Center on the social media platform to help them check if they've used any of the compromised apps.

Facebook was also recommending that users log in to any app they may have used Facebook to log in to and see if any photos were accessible there that shouldn't be. Developers should have been directed to delete the photos but users can see if any were compromised at all.

This most recent reveal of compromised security on Facebook and its third-party apps is the latest in a series of security problems the site has endured this year. Other bugs have affected private messages, account passwords and more.

Facebook users don't need to change their passwords but can check which apps they have connected to the network in the app or on the web-based platform.