Dec. 14 (UPI) -- Social media giant Facebook said Friday it's discovered a bug may have allowed a third-party app to access more photos than users intended when they granted permission.
The bug could affect up to 6.8 million users, the company said in a blog post.
Facebook said although the bug was fixed, some third-party apps had access to photos from Facebook Marketplace or Facebook Stories between Sept. 13 and Sept. 25. Also, photos in the process of being uploaded, but not completed, were also vulnerable.
Facebook said when the uploading process is interrupted, it retains those photos on file.
There are more than 1,500 third-party apps built by 876 developers that could have broader access to photos than what was allowed, the company said.
"The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos," Facebook said. "We're sorry this happened."
Those impacted by the bug will be sent an alert via Facebook with a link to the help center. Users are encouraged to log into any apps that have shared their Facebook photos to see which ones they have access to.
Facebook said it will roll out tools next week for app developers to determine which people using their app were impacted. The photos that were not authorized to be accessed will be deleted from those apps.
The bug, however, did not affect photos shared privately through the messenger app, Facebook said. It also didn't affect photos on mobile devices but not uploaded to Facebook.