The breach began on September 13th and wasn’t discovered until September 25th. It enabled user approved apps unauthorized access to timeline photos, Facebook Stories, Marketplace photos and even pictures that were uploaded to Facebook but never shared.   

A blog post published by the social networking service on December 14 said, “We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users. We will also notify the people potentially impacted by this bug via an alert on Facebook. The notification will direct them to a Help Center link where they’ll be able to see if they’ve used any apps that were affected by the bug. We are also recommending people log into any apps with which they have shared their Facebook photos to check which photos they have access to.”

The recent snafu followed a number of other significant privacy failures by Facebook including one in September in which hackers were able to scrape 30 million people’s information. Facebook CEO Mark Zuckerberg issued a statement to Congress regarding the ongoing security breaches, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.” It’s estimated that there’re over 2 billion monthly active users on the website.