Between Sept. 13 and Sept. 25, a bug temporarily exposed more photos than intended to third-party apps that use Facebook logins, the social network acknowledged on Friday.
As many as 6.8 million people and 1,500 apps may have been impacted, Facebook said. Some of the leaked photos came not just from regular posts, but ones in Stories or that were uploaded but never shared.
Facebook discovered the problem on Sept. 25, the company told TechCrunch. It didn't say why it waited until now to reveal the issue, but late September also saw Facebook dealing with a security breach affecting nearly 50 million people, potentially letting hackers hijack profiles.
Anyone subject to the photo issue should receive a notification from Facebook, which is further promising to work with app developers to delete any photos they weren't supposed to have.
The latest developments only compound Facebook's problems during 2018, led by the Cambridge Analytica scandal. Analytica and Cambridge University researcher Aleksandr Kogan used a quiz app to collect data on Facebook users and their connected friends, the latter without consent, enabling Analytica to build voter profiles for some 71 million Americans and a smaller amount of people overseas. Facebook discovered the data harvesting in 2015, but only made it public in March 2018. This drew the scrutiny of governments in the U.S. and U.K.
Some clients of Cambridge Analytica — now defunct — included the Presidential campaigns for Donald Trump and Ted Cruz, and the Institutional Revolutionary Party during Mexico's 2018 general election.