It cited a Facebook statement from December as saying the company had discovered a photo API bug that allowed third-party applications to access Facebook user photos.
KVKK said that around 300,000 users in Turkey may have been affected by this data breach. It also said that the API bug occurred for 12 days in September last year and Facebook not intervening in time showed there were deficiencies in technical precautions regarding the issue.