Facebook has been hit by another data leak.
Facebook confirmed today that a photo API bug exposed the photos of up to 6.8 million users to third-party apps. These apps had been approved to access the photos API and were authorized by users to access their photos, but the bug allowed the apps to access photos that they didn't have access to. Apps usually only have access to photos on a user's timeline, but the bug gave developers access to photos shared on the Marketplace and Facebook Stories, as well as photos people uploaded to Facebook but didn't actually post.
This photos API bug ran for 12 days from September 13 through September 25. Facebook found the bug on September 25 and has told TechCrunch that it reported the bug to the European Union's Office of the Data Protection Commissioner on November 22.
"We're sorry this happened," Facebook said in a post announcing the data leak. The company says that it will alert people that've been affected by the bug via an alert on Facebook. They'll be directed to this help page to see if they've used any of the apps affected by this bug.
This is just the latest security issue that Facebook has had recently. A couple of months ago, Facebook was hacked and around 30 million people had their access tokens stolen, which could be used to take over a person's account. Millions of pople had personal info like their username, phone number, gender, hometown, and current city accessed by the hackers.