Dec. 7, 2011 at 10:34 AM ET
A glitch in the system used to report inappropriate images on Facebook briefly allowed users to view others' private photos. No one's pictures were safe — not even those belonging to Facebook founder and CEO Mark Zuckerberg.
Members of the BodyBuilding.com forums were among the first to discover the glitch and they quickly put together detailed instructions on how it could be exploited by those wishing to view private images of friends and strangers.
It didn't take long for a link to those instructions to make its way around the Internet and for folks to start snooping on their former lovers, enemies, teachers, bosses, employees ... and on Facebook's own Mark Zuckerberg.
At some point someone even posted a small collection of the social network founder's private photos to image-sharing service Imgur with a caption proclaiming that "it's time to fix those security flaws Facebook." (Those once hidden images have now been viewed nearly half a million times.)
The method used to acquire those — and other private photos — was pretty simple, as explained by BodyBuilding.com forum member ThePoz:
All someone needed to do is pick a target, click the "report/block" button on his or her profile and then select "inappropriate profile photo" when asked why the profile is being reported.
On the next prompt, the snooping user would have to claim that the image is inappropriate because it contains "nudity or pornography." After that, he or she would check a box to "report [the image] to Facebook."
The final step is to helpfully offer to "help [Facebook] take action by selecting additional photos to include with [the] report." And tada! Suddenly a selection of the reported user's photos appears, including the ones which are private.
We reached out to Facebook for an explanation of what happened when we first heard about this privacy glitch. The company replied as it issued a fix:
Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously. The bug allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos. This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.
The privacy of our user's data is a top priority for us, and we invest significant resources in protecting our site and the people who use it. We hire the most qualified and highly-skilled engineers and security professionals at Facebook, and with the recent launch of our Security Bug Bounty Program (http://www.facebook.com/whitehat/), we continue to work with the industry to identify and resolve legitimate threats to help us keep the site safe and secure for everyone.
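The class of bug described in the statement above, a secondary code path that returns photos without applying the privacy check used everywhere else, can be sketched as follows. This is an added illustration, not Facebook's code: the data model, function names and sample data are all hypothetical.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Photo:
    photo_id: int
    owner: str
    audience: str  # hypothetical settings: "public", "friends" or "only_me"


@dataclass
class Store:
    photos: list                                  # newest first
    friends: dict = field(default_factory=dict)   # owner -> set of friends


def can_view(store, viewer, photo):
    """The single policy check every photo-returning code path should call."""
    if viewer == photo.owner or photo.audience == "public":
        return True
    if photo.audience == "friends":
        return viewer in store.friends.get(photo.owner, set())
    return False


def report_picker_vulnerable(store, reporter, target, limit=5):
    # Flaw: selects by owner only; the reporter's access rights are never consulted.
    return [p for p in store.photos if p.owner == target][:limit]


def report_picker_fixed(store, reporter, target, limit=5):
    # Same query, filtered through the shared policy before the limit is applied.
    return [p for p in store.photos
            if p.owner == target and can_view(store, reporter, p)][:limit]


def leaked(picker, store, reporter, target):
    """Regression check: ids a picker offers that the reporter may not view."""
    return [p.photo_id for p in picker(store, reporter, target)
            if not can_view(store, reporter, p)]


# Constructed sample data: alice has one private, one friends-only and one public photo.
SAMPLE = Store(
    photos=[Photo(4, "alice", "only_me"), Photo(3, "alice", "friends"),
            Photo(2, "alice", "public"), Photo(1, "bob", "public")],
    friends={"alice": {"carol"}},
)
```

A check like `leaked` belongs in the test suite for every endpoint that returns user content, so that a new code path which skips the policy fails before it ships.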
Long story short? Your private Facebook photos are private once again — or as private as anything uploaded to the Internet could be.
Want more tech news, silly puns, or amusing links? You'll get plenty of all three if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.