As if the recent data privacy and security scandals that have embroiled the social media giant weren't enough, Facebook is in for yet another privacy hullabaloo. The company has confirmed today that it recently found a bug on its photo API that may have potentially exposed photos of up to 6.8 million users to third-party apps.
The bug affected the Facebook Login feature which allows users to grant third-party apps access to their photos. In normal situations, those apps are supposed to gain access only to photos users share on their timeline. However, the bug may have allowed third-party app developers to access pictures that were uploaded but were not successfully posted for some reason. It may also have impacted photos shared on Marketplace for Facebook and Facebook Stories.
Facebook says the problem occurred from September 13 to September 25. The company has since fixed that issue, but not before some 1,500 third-party apps may have accessed those photos.
Regarding what happened, Facebook has this to say:
"We're sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users."
The social network titan will also send notifications to potentially affected users, providing them a link to Facebook's Help Center to see which apps they've used, if any, may have succumbed to the bug.
Facebook's latest privacy blunder certainly puts the company on notice for a potential penalty under the General Data Protection Regulation, a situation which the social network is already familiar with. At the very least, it's likely to further dampen users' trust in the company's capability to protect their data.