×

Facebook has disclosed another privacy breach: The company said Friday that a technical glitch in its photo-sharing system may have exposed the private photos of as many as 6.8 million users.

The company said it fixed the bug in the photo application programming interface (API) that is used to let some 1,500 apps from 876 developers access Facebook users’ photos. The social giant said some third-party apps may have had access to a “broader set of photos than usual” for 12 days, between Sept. 13-25, 2018.

Facebook said the only apps affected were those that the company approved to access the photos API. However, the glitch potentially gave developers access to photos that users did not agree to share, such as those posted on Marketplace or Facebook Stories, as well as pics people uploaded to Facebook but chose not to post.

The disclosure comes after Facebook in late September announced the biggest hack in its history: The company reported that a security vulnerability had compromised up to 50 million user accounts. It later said hackers had successfully accessed data from 29 million Facebook members.

That was after the news earlier this year that info on up to 87 million Facebook users was misappropriated by Cambridge Analytica, a data consultancy that was used by Donald Trump’s 2016 election campaign. That fiasco led to CEO Mark Zuckerberg testifying before congressional committees. And in August, Facebook said an app called myPersonality had improperly shared personal data from 4 million users with researchers and other third parties.

On the photo issue, Facebook said it will notify users who were potentially impacted by the bug via an alert on the service, directing them to a Help Center page (at this link) to check if they’ve used any apps affected by the bug. In addition, the company recommends users log into any apps with which they have shared their Facebook photos to check which photos the apps have access to.

“We’re sorry this happened,” Tomer Bar, engineering director at Facebook, wrote in a notice posted Friday to the company’s site for developers. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug.” He added that Facebook will work with those developers to delete the photos from affected users.