Facebook reported a bug in its Photo API system this morning, potentially exposing photos to third-party app developers ̵
The nuts and bolts are pretty simple here. Facebook offers app developers APIs that allow them to build additional tools using Facebook as a foundation. One of these tools is the Photos API, which allows developers to request access to users' photos to provide various utilities. However, granting users access to their photos is generally limited to timeline photos.
However, this newly announced photo book allowed up to 1,500 apps to access on all user photos, including those for which they were shared stories or in the marketplace. In addition, these developers have also seen photos that have been uploaded but never published, ie, drafts.
Facebook claims the bug has "up to 6.8 million users and up to 1,500 apps created by 876 developers. "These are some pretty big numbers, and although Facebook has resolved the problem, it's alarming that took three months to reveal to its users. This is just another point in a long list of issues that Facebook has been addressing in recent months.
Facebook said it would alert users who might have been affected by this bug with a notification on their network for that.
via Facebook Developer