When users grant apps access to their photos on Facebook, they are only supposed to be photos shared on their timeline. This bug, however, potentially gave apps access to user photos shared on Marketplace and Facebook Stories, as well as photos that users may have uploaded and then chosen not to post.
In a blog post, Facebook wrote: "The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos." This may apply to as many as 1,500 apps built by 876 developers.
Next week, Facebook will give app developers the tools to determine which users were impacted by the bug, and will notify Facebook users directly via a Facebook alert if they were potentially affected. Users will also be able to see via Help Center if any of the apps they have used were impacted.
In the blog post, Facebook advised users to "log into any apps with which they have shared their Facebook photos to check which photos they have access to."
It's been a terrible year for Facebook. This bug comes on the heels of a security breach in September that exposed the personal data of almost 50-million users. In April, Facebook announced that 87 million users were affected by the Cambridge Analytica data breach. In June, another 14 million users were impacted by a privacy-settings bug. And in November, The New York Times published an in-depth investigation into Mark Zuckerberg and Sheryl Sandberg's responses to the various crises the company has faced over the past two years, from Cambridge Analytica to Russian meddling in the 2016 US presidential election.
If this latest scandal has you questioning whether it's time to finally end your relationship with Facebook, here are 4 things to consider before you delete your account. Either way, now's a good time to double check which third-party apps you let connect with your account and make sure your privacy settings are secure.