
Facebook apologizes after security flaw exposes unpublished photos

“We're sorry this happened,” Tomer Bar, engineering director at Facebook, wrote in a blog post about the flaw.
People on phones next to a Facebook logo projection on March 28, 2018. Dado Ruvic / Reuters file

Facebook on Friday apologized to millions of users who may have had their unpublished photos exposed to third-party app developers.

“We're sorry this happened,” Tomer Bar, engineering director at Facebook, wrote in a blog post about the flaw.

The flaw allowed apps that users accessed through the social network’s “Facebook Login” system to see photos that had been uploaded but not published on Facebook, as well as photos published to Facebook’s “Marketplace” and to its Stories feature.

“The bug also impacted photos that people uploaded to Facebook but chose not to post,” Bar wrote.

Connected apps, which users have signed up to with their Facebook account, can access a variety of user data including usernames and profile pictures.

Facebook said the breach “affected up to 6.8 million users and up to 1,500 apps built by 876 developers.” The photo issue was discovered and fixed on Sept. 25, just days before the social network publicly announced another security flaw that exposed the details of 50 million users, the company said.

The photo flaw was initially introduced on Sept. 13, meaning developers could have accessed users’ photos for 12 days. Facebook did not share how it came up with the number of affected users, or which apps may have been affected. Facebook also did not say whether it had found that any user photos had been accessed.

The company has been dogged by privacy concerns in 2018, particularly with regard to the user data available to app developers following the revelation that political consultancy Cambridge Analytica was able to access the data of over 80 million users.

The security issue comes a day after Facebook’s “Privacy Pop Up” in New York City, which featured staffers helping people update their privacy settings.

Facebook’s Chief Privacy Officer Erin Egan spoke to NBC News about the ongoing security and privacy issues the social media giant has been plagued with this year.

“It’s not something we can win outright,” Egan said. “When issues occur, we will act quickly and be transparent about it.”

Egan said that Facebook has tripled the number of employees who work on the safety and security teams.

Facebook directed users concerned that their private photos may have been exposed to visit its help page, which has a tool for users to determine if they were affected.