The company Facebook discovered a bug on its platform that allowed third-party applications to access photos that users uploaded to Facebook, but decided not to publish.
The company has already resolved an issue that occurred between September 13 and September 25 and affected 6.8 million users. The bug could be used by about 1500 applications created by 876 developers.
The bug could be used only by those applications that you provided access to photos on Facebook, or in which you logged in through your account on Facebook.
In other words, the bug did not affect the photos that you shared in private messages. Plus, he couldn't access photos that you never uploaded.
Here is what Facebook writes in his post:
We're sorry that this happened. Early next week, we will release tools for app developers to determine which users are affected by the bug. We will work with the developers to remove unpublished photos of these users.
We will also notify affected users with notifications at Facebook. Through the notification, they will be able to go to a page where the applications that have been affected by the bug will be indicated.
You can see an example of such a notification below.
To check if the problem has affected you, visit the Help Center Facebook. If the bug did not affect you, you will see a message: 'Your account Facebook was not touched, and the applications you used were not able to access your other photos'.
Facebook also writes:
An error occurred, as a result of which the developers gained access to other photos, including from Facebook Stories or topics that you uploaded but did not publish.
We fixed this bug and found out that it has to do with an algorithm that allows apps to use our API to access your Timeline photos after you've given them permission.
The company also recommends that you go to the apps you shared your photos with at Facebook and check your photos.