Facebook Flaw Exposed Private User Photos

Ryan Whitwam

For a few hours today, Facebook users were able to snoop around in other users’ private photos thanks to a flaw in the Facebook code. Interestingly, the issue was present in the abuse reporting tool. The flaw did not expose all of a user’s photos, but several choice snapshots could be harvested with the hack. Facebook patched the flaw, but not until the Internets snatched some of Zuckerberg’s personal photos.

Here’s how it worked: a user could click the report “inappropriate profile photos” link on someone’s page to start the process. If they selected “nudity or pornography” as the reason, the reporting tool would have the reporting party point out an offending photo to help the Facebook staff confirm the infraction. The issue was that the system would pull up even private photos here. If the two users were friends, the full-resolution version could be snatched.
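The pattern behind a bug like this is a privacy check that the normal photo view enforces but a secondary workflow, here the report dialog, never calls. The Python below is an added example, not Facebook's code: the data model, audience labels, user names and function names are all hypothetical, and it models only visibility, not image resolution. It puts the unfiltered listing next to one that reuses the shared policy, plus a regression check that flags any listing returning photos the policy would deny.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Photo:
    photo_id: int
    owner: str
    audience: str  # hypothetical labels: "public", "friends" or "only_me"

# Constructed sample data for the example.
FRIENDS = {("alice", "bob"), ("bob", "alice")}
PHOTOS = [
    Photo(1, "alice", "public"),
    Photo(2, "alice", "friends"),
    Photo(3, "alice", "only_me"),
]

def can_view(viewer: str, photo: Photo) -> bool:
    """Single policy decision shared by every code path that shows a photo."""
    if viewer == photo.owner or photo.audience == "public":
        return True
    if photo.audience == "friends":
        return (viewer, photo.owner) in FRIENDS
    return False  # "only_me" and any unknown label: deny by default

def report_picker_unfiltered(viewer: str, owner: str) -> list[int]:
    """Flawed pattern: the report flow loads photos by owner and skips the policy."""
    return [p.photo_id for p in PHOTOS if p.owner == owner]

def report_picker_filtered(viewer: str, owner: str) -> list[int]:
    """Corrected pattern: the report flow offers only what the viewer may already see."""
    return [p.photo_id for p in PHOTOS if p.owner == owner and can_view(viewer, p)]

def overexposed(listing, viewers, owner) -> dict[str, list[int]]:
    """Regression check: photo ids a listing returns that the policy would deny."""
    by_id = {p.photo_id: p for p in PHOTOS}
    leaks = {}
    for viewer in viewers:
        denied = [i for i in listing(viewer, owner) if not can_view(viewer, by_id[i])]
        if denied:
            leaks[viewer] = denied
    return leaks
```

Running `overexposed` against every endpoint that lists another user's content, not just the main profile view, is what catches a side door like the report tool before release.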

Facebook confirmed and fixed the problem shortly after it was reported, but it just goes to remind us that nothing you put on the Internet is truly private. Do you keep images on Facebook you’d prefer others not see?

