Facebook fixes photo privacy bug
WASHINGTON — Facebook has fixed a bug that allowed the viewing of some private photographs of other members and which was reportedly used to access personal pictures of founder Mark Zuckerberg.
The bug involved Facebook’s system of reporting inappropriate images on the social network.
By reporting a member’s profile picture as inappropriate a user was asked whether they had other photographs to report, providing access to other private pictures.
The glitch was first revealed in a bodybuilding forum at bodybuilding.com.
“We discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously,” Facebook said in a statement.
“The bug allowed anyone to view a limited number of another user’s most recently uploaded photos irrespective of the privacy settings for these photos,” it said.
“This was the result of one of our recent code pushes and was live for a limited period of time,” Facebook said.
“Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed,” it said.
An unidentified Facebook user who exploited the bug posted 14 pictures of Zuckerberg to the image-sharing website Imgur along with the comment: “It’s time to fix those security flaws Facebook…”
The user claimed they were taken from Zuckerberg’s Facebook page although a number of the pictures have previously been released publicly.
Facebook, which has more than 800 million members, agreed in a deal with the US Federal Trade Commission last week to tighten its privacy policies and submit to external audits in order to settle charges that it abused users’ personal data.
In its statement about the photo bug, Facebook said “the privacy of our user’s data is a top priority for us, and we invest significant resources in protecting our site and the people who use it.”