Facebook has revealed that a software bug exposed the photos of up to 6.8 million users, including pictures they had not posted.
It made the announcement a day after hosting its pop-up privacy experience "It`s Your Facebook" in New York`s Bryant Park.
It said several third-party apps had access to "a broader set of photos than usual" for 12 days in September.
The company said it would notify affected users.
It is the latest in a series of data breaches at the social network, which has faced scrutiny following the Cambridge Analytica data scandal.
"When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline.
"In this case, the bug potentially gave developers access to other photos," the company said in a blogpost.
It said up to 1,500 apps were affected by the glitch.
As well as letting developers access photos on a user`s timeline, it gave them access to photos posted in Stories and Marketplace, among other features.
It also let them see photos that people had uploaded but not posted on Facebook, for example if they had started writing a post but not finished it.
Facebook said it would be working with affected developers to help them "delete the photos from impacted users".
- Here`s How You Can Delete Voice Recordings on Your Smart Devices
- Facebook workers listened to Messenger conversations
- Biostar security software `leaked a million fingerprints`
- Top 5 BEST Smartphones of 2019. So Far
- Facebook letter fails to satisfy DCMS chair Damian Collins
- Amazon quizzed over `Choice` store ratings
- AI reads books out loud in authors` voices
- Minecraft ditches Super Duper graphics plan
- 10 YOUNG MEN`S Style Tips to Look COOLER Than Other Guys!
- In fighting deep fakes, mice may be great listeners