Another day, another Facebook privacy scandal... And this time, it’s extra creepy.

In December, Facebook disclosed that the social network had experienced a bug where up to 6.8 million users’ unposted photos were leaked to various third-party apps. That’s right: Facebook kept copies of photos that users never even fully uploaded to the site — photos that were never publicly shared — and then accidentally made them available to third parties.

It’s a PR nightmare for a company already under intense scrutiny for its data breaches and privacy woes. Here’s what you need to know.

What Happened

On Facebook, users can give an app permission to access their photos — in which case the app is only supposed to be able to pull timeline photos. However, the Photo API bug made it so that apps could also receive users’ Marketplace photos, Facebook Stories, and photos that were uploaded to the site but never actually shared.

This photo glitch was active for 12 days and was discovered and fixed on September 25. However, two whole months passed before Facebook notified the European Union’s privacy watchdog, the Office of the Data Protection Commissioner (IDPC), about the data breach.

And what’s worse, no public announcement was made until December 14. The IDPC is currently performing a statutory inquiry into the breach.

Why It All Matters

If you’re counting on Facebook to keep your photos, videos, and personal data secure, you’re probably in for a bad time. The company has repeatedly made missteps, suffered data breaches, and implemented policies that led to real harm for users.

At a congressional hearing earlier this year, Facebook CEO Mark Zuckerberg said, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.” ...And it’s looking more and more like that’s true. If you’re ready to get all your data off of Facebook and delete your profile, check out our previous blog post with step-by-step instructions here.

Whether you choose to delete Facebook or not, it’s important to take stock of your online accounts and investigate how much of your personal data companies have access to — and what they’re doing with it. In a previous post, we talked about how major companies’ repeated apologies ring hollow after so many data breaches. It’s pretty disheartening for those who care about data privacy.

What We’re Doing Differently

Unlike many tech companies that thrive on accessing, using, and selling your personal data, we at Amber have an entirely different approach. Our all-in-one smart storage platform provides you with your own personal hybrid cloud that’s always secure and always private.

That’s why Amber collects only the personal information that is absolutely necessary for baseline file-sharing functionality with user identity management. And your data is always stored locally — the safest method of storage — with the option to access your data remotely and have it available to you at a moment’s notice anywhere in the world. You are the one in full control of your own data — as it should be.

Our number one concern is your security and digital privacy. We believe your precious memories deserve nothing less.

To learn more about Amber and our commitment to your privacy, check out the recent VentureBeat article featuring why we received $13 million in funding for our groundbreaking technology.