So, uh, how the heck did this happen? According to the statement, the "bug" was related to the Facebook login that allows people to sign into other apps user their Facebook account. Essentially, it allowed those apps to access user photos they shouldn't have been able to see. It says it learned of the the breach on September 25, and that up to 1,500 different apps may have been able to access the photos. It's unclear why Facebook waited nearly three months to come clean about what happened, though as The Verge speculates, it may be because it's in the thick of dealing with an even larger breach that was also discovered on September 25.
If you are one of the unlucky ones whose photos may have been affected, you'll receive a notification similar to the one shown above. Facebook said it will also be rolling out tools to app developers to help determine which of their users may have been impacted, and work with them to delete the photos that may have been accessed.
And just in case this is the last straw for you, here's some handy info for those ready to finally pull the plug.