Facebook today revealed that an issue might have given third-party apps access to users’ unshared photos. The bug involved the photo API (something developers use) and Facebook login for third-party apps.
Typically, Facebook only allows developers to see apps that are posted publicly. This issue made unshared photos, such as those left dangling in unpublished posts, exposed. Facebook fixed the issue, but says some 1,500 apps built by 876 developers could have viewed the photos of up to 6.8 million users between September 13 and September 25, 2018.
Facebook apologized for the breach and said it will be giving developers tools next week to help them determine which people might be impacted. Facebook said it will alert those whose photos may have been improperly exposed.
Facebook recommends users log into the apps they’ve granted photo access to see what photos might be involved.
