Facebook’s troubles are far from over and admittedly we’re getting tired of seeing our data be compromised. This time around the company revealed that a photo API bug gave third-party apps access to more photos than they should’ve, including those that haven’t even been posted. Facebook assures users the issue has been fixed but for 12 days between September 13 and 25, these apps had access to “a broader set of photos than usual.” It affected up to 6.8 million users and up to 1,500 apps built by 876 developers.

The apps affected by the bug were the ones who have approved access to photos API and users have authorized access to their photos. The broader set of images they possibly gained access to include those shared on Marketplace, Facebook Stories, as well as those photos people uploaded to Facebook but chose not to post. Those photos that either didn’t finish posting or you decided against putting up. The company claims they keep these for three days, so the user can come back to complete these posts.

This is what affected users should see in the Help Center

The company says they will be rolling out a tool for app developers to determine which users have been impacted by the bug and they will work with these developers to delete the photos of affected users.

Facebook said it would also reach out to affected users and the notification they get will redirect them to a Help Center link to show if they’ve used any apps affected by the bug. You can see what that would look like in the photo above. Facebook also recommends its users to log into any apps they give Facebook photo access so they can double check if these have any photos that shouldn’t be there.