Brief Facebook exploit saw Zuckerberg private photos posted online

If you are the CEO of Facebook, the one photo out of a whole load you probably wouldn't want in the public gaze is the one of you triumphantly brandishing a chicken.  Unfortunately for Mark, that is exactly what happened: a short-lived Facebook bug meant users could see another user's recently uploaded photos regardless of that user's privacy settings.

Fourteen pictures of Mr Zuckerberg were posted to image site Imgur under the headline: "It's time to fix those security flaws Facebook."  The flaw was exploited by falsely reporting a user for an inappropriate profile photo, which then offered an option that, once checked, displayed additional images for potential flagging.  A feature probably meant to let the reporting user flag more inappropriate photos was put to a devious use.  In a statement, the social network told us:

The bug allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos. This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.

The flaw was found on the Bodybuilding.com forums (a place where we will never be), whose users turned it against Mark by gathering his personal photos and uploading them to photo-sharing site Imgur.  As they said, it's now been fixed; but this is proof (if we ever needed any) that both companies and users should be careful with what data they share, as features added with good intentions can end up being used for something very different.
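The class of bug described above, a secondary feature (the report flow) returning photos without applying the privacy check used elsewhere, can be shown in a short added example. This is not Facebook's code; every name, function and photo record below is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Photo:
    photo_id: int      # higher id = more recent upload
    owner: str
    audience: str      # "public", "friends" or "only_me"

# Constructed sample data: all names and photos are hypothetical.
FRIENDS = {frozenset(("alice", "mark"))}
STORE = [
    Photo(1, "mark", "public"),
    Photo(2, "mark", "friends"),
    Photo(3, "mark", "only_me"),
    Photo(4, "mark", "public"),
]

def can_view(viewer, photo):
    """The one privacy decision every photo-returning code path must call."""
    if viewer == photo.owner or photo.audience == "public":
        return True
    if photo.audience == "friends":
        return frozenset((viewer, photo.owner)) in FRIENDS
    return False

def newest(photos, limit):
    return sorted(photos, key=lambda p: p.photo_id, reverse=True)[:limit]

def report_candidates_flawed(store, reporter, reported, limit=5):
    # Mirrors the described bug: recent uploads are offered for flagging
    # without asking whether the reporter may see them.
    return newest([p for p in store if p.owner == reported], limit)

def report_candidates_fixed(store, reporter, reported, limit=5):
    # Filter by the reporter's access first, then take the most recent.
    return newest([p for p in store
                   if p.owner == reported and can_view(reporter, p)], limit)

def leaked_ids(candidates, viewer):
    """Regression check: ids the viewer was shown but is not allowed to see."""
    return [p.photo_id for p in candidates if not can_view(viewer, p)]

if __name__ == "__main__":
    for flow in (report_candidates_flawed, report_candidates_fixed):
        shown = flow(STORE, "stranger", "mark")
        print(flow.__name__, "leaks", leaked_ids(shown, "stranger"))
```

Running `leaked_ids` against every endpoint that returns another user's photos, as part of the test suite, is the kind of check that catches this regression before a code push goes live.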


Jason England

I am a freelance tech/gaming journalist, lover of dogs and pizza enthusiast. You can follow me on Twitter @MrJasonEngland.

http://stuff.tv/team/jason-england