In yet another data breach, Facebook has revealed that a software bug caused photos of millions of its users being exposed.
According to the world’s largest social media network, over 12 days in the month of September, several third-party applications gained access to “broader set of photos than usual.”
Facebook said that the bug exposed photos of a whopping 6.8 million of its users but more shockingly, it revealed that even photos that users had not posted online were exposed in the breach.
In the revelation made on the developers’ blog of the company, a Facebook engineering director, Tomer Bar explained, “When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos.”
Bar wrote, “Early next week, we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users. We’re sorry this happened.”
The company said that up to 1,500 apps, built by 876 developers, were affected by the glitch.
In its post, it also sought to reassure users that it would now begin notifying affected users and that that it would work with affected developers to help them “delete the photos from impacted users.”
Facebook also pointed out that the bug not only provided developers access to photos on a user’s timeline but also gave them access to photos posted in certain other features, including in ‘Stories’ and ‘Marketplace.’
Further, it allowed app developers to view photos that people had uploaded but had not posted on Facebook yet.
The data breach, which became the latest in a series of similar incident suffered by the social network, comes at a time when the company is facing intense scrutiny in several countries.
Facebook’s problems with privacy largely began in April after the massive Cambridge Analytica data scandal was exposed.
The tech giant also exposed another large data breach in the month of October, which affected nearly 30 million accounts.