• A Facebook bug may have exposed private and unlisted photos of users to the wider web.
  • According to Facebook, this bug affected up to 6.8 million of its users.
  • Facebook will notify the users it believes were affected by the bug and will work with third-party apps to delete private photos.


Another month, another Facebook privacy scandal, eh? Today, the company revealed a Facebook bug which allowed third-party apps to access non-timeline photos of certain users, which includes Stories photos, Marketplace photos, and even private photos not shared anywhere on the platform.

Since this Facebook bug granted private photo access to third-party apps, those apps could then download and save the photos — potentially exposing them to the world at large.

Currently, Facebook believes this bug may have affected 6.8 million of its users from September 13 to September 25, 2018.

Editor's Pick

If you are a Facebook user affected by this bug, Facebook will notify you soon. The notification will direct you to a Help Center link where you can see which apps you’ve used that were affected by the bug. However, it doesn’t appear you’ll be able to actually do anything pertaining to the situation once you see that info — it’s essentially Facebook saying, “Your photos may have been compromised, these are the companies which may have seen them.”

Meanwhile, Facebook is working directly with the 876 developers who created over 1,500 apps affected by the bug. Next week, Facebook will roll out “tools for app developers that will allow them to determine which people using their app might be impacted by this bug,” and delete the compromising photos.

Click the button below to read the full public letter from the Facebook security team: