JAKARTA, NNC - Facebook admitted a bug that exposed private photos of its 6.8 million users at the end of last week.
“Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos,” Facebook said on its official page.
Facebook has fixed the bug but is concerned that some third-party app developers might have access to more photos from periods September 13-25.
"The bug may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers," it said.
Usually, third-party apps allowed to access photos can only see content shared by users on their timeline. But, this bug allows developers to see photos of users in other places, such as Stories or Marketplace.
The photo can also access photos of users uploaded to Facebook, but did not finish posting. Facebook normally store unposted photos for three days.
“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug,” Facebook said.
Facebook would also notify affected users of the bug through an alert and will direct users to a Help Center.