The social network stated in a blog that this problem has already been resolved, but that it could concern up to 1,500 applications designed by 876 developers.
Mark Zuckerberg’s group pointed out that some of these third party applications may have had access to a greater number of number of photos than usual for 12 days, between September 13 - 25.
As well as letting developers access photos on a user's timeline, it gave them access to photos posted in Stories and Marketplace, among other features.
This includes photos that a user may have started to post, but abandoned before actually publishing, because Facebook keeps a copy of the draft in the event a user might want to finish uploading it later.
The company said it would notify affected users.
This bug is the latest in a series of privacy scandals that the technology giant has suffered this year, including the Cambridge Analytica scandal in April and the data breach of nearly 30 million accounts in October.