Facebook Says 6.8 Million People's Private Photos Were Exposed in New Leak

To say that Facebook has had a rough couple of years would be a spectacular understatement. The company has come under fire repeatedly for its role in helping spread fake news during the 2016 presidential election, allowing unwitting users' data to be harvested by third parties for political purposes, and security breaches it's been forced to own up to. Now, it has yet another mess on its hands: Up to 6.8 million users' private photos may have been exposed due to a "bug." 

In a note posted on its developer blog Friday, Facebook acknowledged it recently discovered that the private photos of up to 6.8 million users may have been exposed to third party apps that weren't supposed to see them, per TechCrunch report. Specifically, it said the affected photos included those in people's stories and ones that users uploaded but never actually posted. In a statement, the company said it will be notifying affected users with a Facebook alert in the coming days. 

So, uh, how the heck did this happen? According to the statement, the "bug" was related to the Facebook login that allows people to sign into other apps user their Facebook account. Essentially, it allowed those apps to access user photos they shouldn't have been able to see. It says it learned of the the breach on September 25, and that up to 1,500 different apps may have been able to access the photos. It's unclear why Facebook waited nearly three months to come clean about what happened, though as The Verge speculates, it may be because it's in the thick of dealing with an even larger breach that was also discovered on September 25. 

If you are one of the unlucky ones whose photos may have been affected, you'll receive a notification similar to the one shown above. Facebook said it will also be rolling out tools to app developers to help determine which of their users may have been impacted, and work with them to delete the photos that may have been accessed. 

And just in case this is the last straw for you, here's some handy info for those ready to finally pull the plug. 

There are two ways you can go about saying goodbye to Facebook: deactivating your account and deleting your account. While deactivating your account is meant to be a temporary move, deleting your account is permanent. Here’s how to do both, according to Facebook’s Help Center.

To temporarily deactivate your account:
1. Click the down arrow menu button at the top right of any Facebook page
2. Click Settings
3. Click General in the left column
4. Click Manage your account, then click Deactivate your account and follow the instructions from there

To permanently delete your account:
1. Click the gear symbol at the top right of any Facebook page
2. Click Settings
3. Click Your Facebook Information in the left column
4. Click Delete Your Account and Information, then click Delete My Account

h/tThe Verge

Sign up here for our daily Thrillist email and subscribe here for our YouTube channel to get your fix of the best in food/drink/fun.