Facebook has continuously been targeted for its failure to protect people’s online content. The social giant has once again come under fire after it announced a new data breach on Friday which may have let third-party apps access the private photos of nearly 7 million users.
The incident, which took place during a 12-day period in September, Facebook said. The company claims to have fixed the bug on Sept. 25.
As revealed by one of Facebook’s engineering directors, Tomer Bar, the incident took place during a 12-day period in September starting September 13 to September 25, 2018. During this fraction of time, some third-party apps may have had unauthorized access to photos including those that were never fully uploaded to the platform and those that were not publicly posted.
Facebook’s security team detected the bug in a photo API that affected people who used Facebook Login and granted permission to third-party apps to access their photo. The team fixed the issue on Sept. 25.
The social media giant apologized for the incident in an official post and assured users that it is currently working with developers to delete the photos. The company, however, declined to say how many of its users were affected by the bug.
“Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug,” Bar wrote. “We will be working with those developers to delete the photos from impacted users.”
The data breach has been uncovered at a time when Facebook is still working to repair its image and reputation that got ruined after the Cambridge Analytica data privacy scandal and because of its failure to stop Russian use of the site to meddle in the 2016 U.S. presidential election.