Facebook’s latest privacy scandal: The private photos of millions of users were accidentally shared with 1,500 apps

  • Facebook said it found a bug that gave as many as 1,500 third-party apps access to the unposted Facebook photos of up to 6.8 million users.
  • The affected pictures include those posted on Facebook Stories and Facebook Marketplace, as well as those that were uploaded but never shared, Facebook said.
  • “We’re sorry this happened,” Facebook said in a statement.

Facebook said on Friday in a developer-focused blog post that it had discovered a nasty bug in its photo software.

The bug allowed authorised app programmers to access photos that people had uploaded to Facebook but not publicly shared, as well as those posted on Facebook’s Marketplace software or Facebook Stories, the post said.

There are several cases in which someone might have uploaded a photo but didn’t share it, Facebook explained.

“For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they have lost reception or walked into a meeting – we store a copy of that photo so the person has it when they come back to the app to complete their post,” Facebook said in its statement.

The bug may have affected as many as 6.8 million users, 1,500 apps, and 876 app developers, Facebook said, but users had to give the apps authorization to “access the photos API.” It said the bug was active for 12 days in September.

“We’re sorry this happened,” Facebook said in a statement. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

Facebook has faced a string of privacy scandals over the past two years. A researcher was able to take and sell the personal data of up to 87 million Facebook users in what came to be known as the Cambridge Analytica scandal. And Facebook said earlier this year that “most” of its users might have had their personal data skimmed by “malicious actors.”

If you’ve been affected by the latest photo bug, you’ll see an alert on Facebook, the company said in a statement.

“We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to,” the post said.