Skip to main content

LATEST UPDATES: Tracking COVID-19 | Racial Justice | Election 2020

Facebook Says Some Users’ Private Photos Were Accidentally Shared With Developers

Photo caption:

Photo by Timothy A. Clary AFP/Getty Images

Facebook employees talk to visitors at a one-day Facebook pop-up kiosk in Bryant Park in New York City on Thursday. The company was fielding questions about its data-sharing practices and teaching users how to understand its new privacy controls. The next day, Facebook announced that a "bug" that had inappropriately shared users' private data — this time, their photos.

For nearly two weeks in September, developers who created apps for Facebook were able to access user photos that they should never have been allowed to see, the social media company announced Friday.

Up to 6.8 million users may have been affected, Facebook says.

The "bug" affects users who gave permission to a third-party app to access their Facebook photos. Normally, that would only include photos that someone actually posted to their timeline.

But between Sept. 13 and Sept. 25, other photos were available, as well: Photos that a user posted to Marketplace, Facebook's platform for selling or buying goods. Photos posted to Stories, the platform for sharing images that disappear after 24 hours.

Even photos that were never actually posted on Facebook at all — if a user had started to post a photo, then changed their minds, that picture also could be shared with developers.

It didn't matter what privacy settings a user had placed on their images or posts.

"We're sorry this happened and we're instructing developers to delete the photos," Facebook says.

Facebook users can learn whether their photos were involved in the bug by visiting a page on Facebook's help site.

It's not clear when Facebook discovered the breach, or how it was repaired.

Facebook has been under close scrutiny for how it handles — or mishandles — the massive quantity of user data it has accumulated.

This fall, Facebook announced that a security breach affected millions of its users and exposed their personal data, including information such as location and recent searches, to malicious actors.

And earlier this year, the Cambridge Analytica scandal revealed that millions of people had their data harvested without their consent, information that was then used to build profiles for political campaign purposes.

Copyright 2018 NPR. To see more, visit


San Diego News Matters podcast branding

KPBS' daily news podcast covering local politics, education, health, environment, the border and more. New episodes are ready weekday mornings so you can listen on your morning commute.

  • Need help keeping up with the news that matters most? Get the day's top news — ranging from local to international — straight to your inbox each weekday morning.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Curious San Diego banner

Want more KPBS news?
Find us on Twitter and Facebook, or sign up for our newsletters.

To view PDF documents, Download Acrobat Reader.