Facebook has exposed private photos to over 6.8 million users of their website to unauthorized developers and application owners to have full access to without your knowledge. The breach occured a few months ago and is just now coming into light as the company acknowledges the security leak and flaw in their system and have stated that they have fixed this issue and it is no longer happening.
However it is important to note that if you are a consumer who had their pictures accessed, you will recieve a notification the next time you visit Facebook in which they will alert you and let you know about the photo breach that happened on your account. So if you got a message like this, it was not a hoax! This truly did happen to you if that was the case.
Not only were these application developers able to view photos that you have uploaded, any photos that you drafted (as in uploaded but never actually hit "post" on and deleted the post later) were still able to see those photos as well. A total of 876 different developers across 1500 applications had the ability to do this unrestricted for an unknown amount of time before the breach was discovered.
Facebook has said it ranged from applications that you might use on Facebook to websites that you "Logged in with Facebook" instead of creating an email or username for that particular site.