Facebook bug exposed photos from up to 6.8 million users

Marlene Awaad | Bloomberg | Getty Images

Mark Zuckerberg, chief executive officer and founder of Facebook Inc., listens during the Viva Technology conference in Paris, France, on Thursday, May 24, 2018. 

A Facebook bug exposed photos from up to 6.8 million users using third-party apps, the company disclosed Friday. The exposed photos include those that users never finished sharing to the site, Facebook said.

The disclosure is one of several privacy scandals the company has grappled with over the past year. In March, reports from the New York Times and the Guardian shed light on how Cambridge Analytica used data on Facebook users to influence the 2016 U.S. presidential election. In September, it announced a security breach that affected up to 50 million users and sent its stock price plunging more than 2.5 percent.

Facebook said that photos that had yet to be shared could have been accessed by apps that users gave permission to access their Facebook photos. Facebook said that photos that hadn’t yet been shared on its platform could be accessed because the platform stores a copy of photos that users do not finish sharing on their profile after attempting to upload.

Facebook said the bug in its photo API affected a 12 day window between Sept. 13 and Sept. 25 and gave access to up to 1,500 apps built by 876 developers. Facebook said the bug did not affect photos that were shared in Messenger conversations and that Facebook became aware of the bug and fixed it on Sept. 25.

Facebook said it will alert users who may have been affected by the breach through a notice on the site that will show them how to see if apps they use were affected. The company also advises users log into apps they believe they granted access to Facebook photos to see which photos they have accessed.

“We’re sorry this happened,” Facebook said in the post on its developers blog written by Tomer Bar, an engineering director at the company. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

Subscribe to CNBC on YouTube.