Summary:
In September 2018, a software bug resulted in photos that had been uploaded to Facebook accounts, but not been "published" (and which therefore should have remained private between the user and Facebook), beig exposed to app developers.
Allegations:
- For two weeks in September 2018, it was found that an error in the way Facebook shares photos allowed third-party apps to not only see what the users posted on their newsfeed, but also pictures on other parts of the site—Facebook Stories or Facebook's Marketplace, for instance.
Defence:
- A Facebook developer, Tomer Bar apologised for the error and said that the company would be rolling out tools to determine which users using their app might be impacted by the bug. He also said that the company would work with the developers to delete the photos from the impacted users.
- The only users affected were those who had given permission to third-party apps to access their photos through the Facebook login function.