Facebook bug gave developers broader access to user photos

Facebook Inc said a software bug gave outside developers broader access to the photos of millions of users, another privacy misstep by the world’s largest social network.

As many as 6.8 million users and up to 1,500 apps were involved, according to a blog the company posted on Friday. The bug has been fixed and Facebook is alerting people potentially affected.

“We’re sorry this happened,” Facebook said. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

Usually when a Facebook user gives an app permission to access their photos, the company only grants access to images shared on their timeline. The bug, which spanned the 12 days between September 13 and September 25, potentially gave developers access to other images, such as photos uploaded to the site but not yet posted, the Menlo Park, California-based firm said. A Facebook representative said the bug was global, and it does not yet know which developers got more photos than they should have.

This is the latest in a series of incidents that have eroded user trust, including a major breach in September. The Irish Data Protection Commission said it has launched a new probe investigating Facebook after receiving a number of breach notifications from the company this year, beyond the one disclosed on Friday.