An update to the Facebook system left a large loophole in the security of people’s profiles, allowing anyone to see images on anyone else’s profile – even those marked private.
Part of the Facebook security system allows users to flag an image as inappropriate or pornographic. They are then given access to other images by the same user to check if they are also inappropriate – and because of the flaw, even images marked ‘private’ are made available.
The flaw was highlighted by one user who tagged one of Zuckerberg’s photos as inappropriate and then got access to his private album, reposting the pictures on photo-sharing site Imgur under the title: “It’s time to fix those security flaws facebook…”
The 13 images show Zuckerberg at home with his girlfriend Priscilla Chan, meeting Barack Obama and playing with his dog. However, the Guardian is reporting that the loophole may have more serious consequences, as it lets adults view pictures of children as young as 13 – citing comments posted on a bodybuilding site.
Following the public embarrassment of having its founder’s private pictures posted across the internet, Facebook has moved quickly to shut down the security flaw. In a statement today, it said: “Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously. The bug allowed anyone to view a limited number of another user’s most recently uploaded photos irrespective of the privacy settings for these photos.”
“This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.”
Facebook, which is valued at around $100 billion, only last week signed a 20-year agreement over privacy issues with the Federal Trade Commission in the US, which had hit out at Facebook for changes it made to users’ profile page privacy settings two years ago.
Pictures: Mark Zuckerberg (Facebook)