Facebook Bug Exposed 6.8 Million Users’ Unposted Photos

Facebook has had a brutal year in the court of public opinion, and things might be about to get even worse for the social media giant. Late this week, the company quietly admitted that a bug in its code exposed the photos of 6.8 million users to third-party apps — including photos that users never even finished sharing to the site.

This security flaw allowed apps that users approved to pull their timeline photos to also get their Facebook Stories, Marketplace posts and even pictures that they began to upload to the site but never finished posting. According to Facebook, the bug affected users for 12 days between September 13 and September 25.

“We’re sorry this happened,” Facebook engineering director Tomer Bar wrote. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

Facebook says that it will notify users who were affected by the bug, and it’s also recommending users log in to their apps to see if they have wrongful photo access. It’s unclear how this controversy will affect users’ trust in Facebook, but one thing’s for certain: this isn’t good news for a company already plagued by privacy scandals.