Facebook: Bug opened access to private photos

SAN FRANCISCO -- Facebook announced Friday that it had discovered a bug that allowed outsiders access to private photos, potentially affecting some 6.8 million people who use the service.

"We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual," Tomer Bar, an engineering director at the company, said in a blog post.

The announcement is the latest in a string of problems the social network has had with consumer data. In March, The New York Times reported that Cambridge Analytica, a third-party firm, harvested the data of Facebook users without their express knowledge or consent. And in September, a separate, more serious breach gave hackers full access to the Facebook accounts of tens of millions of users.

About 1,500 third-party apps had access to users' uploaded photos -- even if the users had not posted them publicly to Facebook -- from Sept. 13 to Sept. 25.

Facebook said the number of people affected was probably smaller than 6.8 million, because it doubted that all 1,500 apps gained access to the social network during that 12-day period. The company said it was contacting the 876 developers who built the apps and asking them to check and delete any photos they may have retrieved improperly.

"We're sorry this happened," Bar added.

Facebook has repeatedly pledged to better protect user information.

"If we can't, then we don't deserve to serve you," Mark Zuckerberg, the company's chief executive, said in a note to users this year.

But the bug reported Friday prompted more scrutiny in the United States and Europe of whether the company was following through on those promises.

The announcement is likely to raise questions among federal regulators about whether Facebook violated a consent decree with the Federal Trade Commission in 2011. Under the agreement, Facebook is prohibited from misrepresenting its privacy and security practices. It also requires the company to obtain users' consent before overriding their privacy choices, and to institute a comprehensive program to protect the privacy and security of users' data.

In March, in the wake of revelations about Cambridge Analytica, the Federal Trade Commission said it was investigating Facebook's data-handling practices.

David Vladeck, a former director of the Federal Trade Commission's bureau of consumer protection, said it was possible that Facebook's failure to anticipate and address the latest data privacy problem violated the agreement. Vladeck oversaw the commission investigation that led to the consent decree.

"If Facebook can't control access by third-party apps, they are going to be in constant trouble with the Federal Trade Commission -- and the public at some point is just going to revolt," Vladeck said. "This is just not acceptable."

The commission declined to comment.

European regulators have signaled a strong displeasure with Facebook's privacy policies. The company's main data-protection regulator in the European Union, the Irish Data Protection Commission, said Friday that the mounting number of problems required a deeper investigation. Ireland is Facebook's lead privacy watchdog in the EU because the company's European headquarters is in Dublin.

Business on 12/15/2018
