Facebook exposed private photos from up to 6.8 million users to apps that weren’t supposed to see them, the company said today. These apps were authorized to see a limited set of users’ photos, but a bug allowed them to see pictures they weren’t granted access to. These included photos from people’s stories as well as photos that people uploaded but never posted (because Facebook saved a copy anyway). This photo API bug that may have been affected by nearly 68 million users.
This photo API bug Find by the Facebook internal security research team and it affected only users who have login Facebook and granted permission third-party apps in order to access their photos.
Due to this bug, Facebook believes that some of the developers may have had an access to the photos which is not posted(just uploaded) by users for 12 days in between 13 to September 25, 2018.
if you’re one of the victims among millions just check this link that provides by Facebook.