Sometimes it makes sense to let third-party apps access their own Facebook photos: for example, because they want to present their uploaded motifs on multiple platforms anyway. Or because you need a picture for a dating platform that looks even younger. However, a new message from Facebook is likely to discourage future users from allowing a third-party app to gain such access.

Usually, external programs get only those Facebook photos shared that users have placed on their timeline. However, between September 13 and September 25, 2018, things were different. According to Facebook, a technical bug that has since been eliminated made it possible for apps to potentially access Facebook photos that were used or stored for other purposes. Thus, for example, images should have been available that were actually intended only for Facebook services such as Marketplace and Facebook stories.

Even more piquant: The access rights extended according to Facebook even on images that someone uploaded, but ultimately did not post. "For example, if someone uploads a photo on Facebook, but has not finished the release - perhaps because he has lost the reception or gone to a meeting - we'll save a copy of that photo," Facebook writes, "so that Person has it when she reopens the app to complete her post. "

There are also more cumbersome examples

The example, of course, is intentionally unsophisticated. Practically, according to this logic, for example, the access to erotic recordings may have been possible, which were ultimately not sent. Or pictures where you only came to the conclusion at the second glance that you looked so unfavorable, that you prefer not to use them.

From the breakdown could be affected according to Facebooks first public estimate up to 6.8 million users. Extensive access to images could therefore have up to 1500 apps from 876 providers. All apps that could affect this bug, are those that Facebook has granted access to its photo interface, the company still makes it clear. In addition, in the respective cases in principle always the users themselves had allowed the apps to access the data.

Conversely, if you did not log in to any third party service with their Facebook login and then allowed them to use their images, it does not affect that issue.

The next breakdown

"We are sorry that this happened," Facebook writes in his blog post. For the company it is already the second breakdown, which falls in time in the September 2018. At the end of the month, the company had informed millions of users about an "attack on our system". It later turned out that the data leak affected 30 million profiles. Whether there is a connection between the two incidents, does not emerge from Facebook's current opinion.

As a next step, the company says it intends to provide tools to external app developers early next week to help them determine which of their users might be affected. "We will work with these developers to delete the photos of the affected users," promises Facebook.

Users who may have lost pictures, the company also wants to inform personally. A notification directly on Facebook will lead users into the help area of ​​the network, it is said - there you will be able to tell if you have used any of the affected apps. "We also recommend that users log in to any apps they share Facebook photos with to see which photos they have access to," Facebook adds.