Facebook discovered yet another privacy hole in its service. This time there was a flaw in the platform that let apps access people's photos that should not have been available.
On Friday, Facebook disclosed a "bug" in its photos APIthe platform for developers to create apps that tap into people's photos on the site. The bug existed from September 12 to September 25, and during that time hundreds of apps that use the photos API were able to see people's photos that were never posted publicly to Facebook.
The social network said in a blog post on Friday that up to 6.8 million people were left exposed by the security lapse, which would have made photos they never posted publicly visible to the app developers. A person would only be affected if at one point they gave an app permission to access their photos for a service. Apps for dating and photo sharing are typically the kinds of services that request access to photos, and Facebook said there were 1,500 apps from 876 developers affected.