on the Facebook blog is in the API – like many of the recent bugs – and apparently affected 6.8 million accounts.
Whew, only photos? Well – compared to all the other issues with privacy that Facebook had this year, your uploaded images seem like a small issue. At least it’s not more private information like in the leaks before.
So what exactly happened? According to the Facebook blog for developers people using Facebook Login and granted permission to third-party apps to access their photos might have shared more than what they wanted to.
Normally the apps in question should only have had access to the images on the user’s timeline which sounds reasonable enough if you gave your OK for it. The bug gave the developers more access though: To photos shared on Marketplace or Facebook stories for example. Even images that were uploaded but not posted (for whatever reason) were in the mix.
The whole issue lasted for around 12 days from September 13 to September 25 2018. It affected 6.8 million users and 1500 apps. If you were affected in any way you will get an alert on Facebook which will direct you to the Help Center where they’ll be able to see if they’ve used any apps that were affected by the bug.