Facebook exposed the photos of millions of users without their permission, the social media network announced on Friday.
The internal team at Facebook said they discovered a bug which affected people who gave third-party applications limited access to their user profiles.
As many as 1,500 apps built by 876 developers could have obtained the photos over a 12-day period in September.
The bug allowed developers to access the private photos of users, as well as photos that people uploaded but had yet to post to their profiles, Tomer Bar, engineering director at Facebook said.
"We're sorry this happened," Bar said in a blog post.
The incident happens while the company is already under scrutiny for data privacy concerns. Earlier this year it was reported that Cambridge Analytica, a data firm used Facebook to obtain the data of tens of millions of people.
Facebook added it will notify individuals that may be affected by the bug, and is working with developers to delete the photos from impacted users.