‘We’re sorry’: Facebook bug exposes up to 6.8 million users’ photos in breach

Facebook has apologised for the latest breach. Source: Getty.

Facebook has been forced to apologise after as many as 6.8 million users may have had their photos, (some of which were still private), exposed to other third-party apps.

The social media giant announced on Friday that several third-party apps will have had access to “a broader set of photos than usual” for 12 days in September.

Those photos included some shared on Marketplace or Facebook Stories, as well as some that people uploaded but then chose not to actually post. This may have been due to a loss of signal, or simply the user changing their mind about sharing it.

“We store a copy of that photo for three days so the person has it when they come back to the app to complete their post,” Facebook explained in a lengthy blog post.

Explaining exactly what happened, it added: “When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline.

“In this case, the bug potentially gave developers access to other photos.”

While up to 1,500 apps were affected by the glitch, millions of users could have been hit too – and Facebook confirmed they would be contacting anyone affected individually.

The hugely popular social media platform said it would be working with affected developers to help them “delete the photos from impacted users”.

While the bug was active between September 13 to September 25, it has since been fixed.

It’s unfortunately the latest in a long string of data breaches – many of which have happened this year.

“We’re sorry this happened,” the blog post continued. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug.”

The bug apparently stemmed from a problem in Facebook’s Photo API, (application program interface). Potential victims of this breach will be notified by Facebook via an alert.

It comes after a Queensland man was left over $150,00 out of pocket after falling victim to a cruel Facebook lottery scam in September.

Speaking to Channel 7 at the time, the man, who wished to remain anonymous, said everything went down hill around three years ago when the scammers first initiated contact.

While browsing through the social media networking site, the man explained he was told he had won a total of $650,000.

After he was convinced he was the winner of the staggering amount of money, he was then asked to pay a fee to unlock the funds. This continued on for the next three years, with the man’s bank account slowly decreasing.

Read more: Aussie loses $160,000 in cruel Facebook scam

Overall the man forked out around $160,000, seeing not even a cent of his apparent lottery winnings.

Meanwhile, the social media platform had to say sorry earlier that month when almost 50 million users around the world were affected by a security breach after hackers compromised the social media site’s ‘View As’ feature.

Read more: Facebook says sorry after serious security breach impacts 90M users worldwide

“Attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else,” Facebook VP Guy Rosen said in a statement.

“This allowed them to steal Facebook access tokens – the equivalent of digital keys – which they could then use to take over people’s accounts.”

Do you think you could have been affected by Facebook’s latest data breach?