Facebook informed its users on Friday about a potential bug that may have exposed up to 6.8 million users’ unposted photos to third-party apps.
The bug allowed third-party apps to inadvertently access photos that they typically are unable to, like those shared on Facebook Stories or Marketplace, or images that users started to upload, but never finished. Normally, apps can only access photos that people share on their timeline, according to Facebook.
“We're sorry this happened,” the company said in a statement. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
Affected users will be alerted by the company.
It’s the latest controversy to plague the social media giant, which has seen its fair share of scandals in 2018. This is at least its third time inadvertently revealing the personal information of its users.
In September, Facebook revealed that a hack allowed attackers to harvest millions of phone numbers and email addresses. The company later said the hackers used 400,000 accounts under their control to gain the access tokens of 30 million Facebook users. It was the largest data breach in the company’s history.