(LiveHacking.Com) – A bug in Facebook which allowed any Facebook user to access another user’s most recently uploaded photos, bypassing all privacy settings, has been exploited to post pictures from Mark Zuckerberg, Facebook’s founder, private collection.
14 pictures in total of Mr Zuckerberg were posted to image site Imgur with the headline: “It’s time to fix those security flaws Facebook”.
“The bug allowed anyone to view a limited number of another user’s most recently uploaded photos irrespective of the privacy settings for these photos,” said Facebook in a statement. “This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.”
The bug was found in Facebook’s system used to report inappropriate public profile picture. Once a report was made, Facebook automatically offered more pictures from the person’s profile and asked the reporting user to flag any other unacceptable pictures. However it turns out that the thumbnails shown were easy to enlarge and download.
This latest privacy failure comes just days after the FTC and Facebook announced a settlement over complaints that Facebook deceived its users with regards to privacy. At the time of the settlement Zuckerberg wrote that it is normal to be skeptical about Facebook’s role in how hundreds of millions of people share their personal information online. “Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected,” he said.