Facebook said Friday a security glitch may have let third-party apps access the private photos of as many as 6.8 million users, the latest example of the social media company failing to protect people's online content.
The incident, which took place during a 12-day period in September, included images never fully uploaded to the platform and those not publicly posted, Facebook said. The company said it detected the bug and fixed it Sept. 25.
The security lapses come as Facebook works to repair the damage to its reputation from missteps that include the Cambridge Analytica data privacy scandal and failing to stop Russian use of the site to meddle in the . Hackers also accessed data belonging to tens of millions of users, the company revealed in September.
Facebook apologized for the incident in a post written by one of its engineering directors, Tomer Bar, who added the company was working to address the problem.
"Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug," he wrote. "We will be working with those developers to delete the photos from impacted users."
Bar said users who may have been affected by the bug would get an alert on Facebook. The notification will direct them to the company's Help Center, where people can check if they've used any apps that could expose their photos.
Facebook typically lets third-party app developers get approval from users to access images shared on their timeline. The new bug, however, gave about 1,500 apps access to what the company said called a "broader set of photos than usual."
That includes images that someone might started posting, but decided against before finishing the task, as Facebook keeps a copy of the initial attempt in case the user wants to upload it later.