Facebook acknowledges photo privacy bug; Issues immediate fix


Summary: Facebook has said that it fixed a bug that had allowed users to access other users' photos, even if their profile pages were locked down.


Facebook has fixed a bug with its reporting tool, which inadvertently gave users access to private images on other people's profile pages.

The world's largest social network, with an estimated 850 million users, issued a statement a short time ago confirming the bug had been fixed.

Facebook acknowledged there was a glitch in the system, which allowed users to access off-limit photos of other users, but claimed that only a limited number of users were affected. Facebook did not disclose how many people were affected.


Many users have their Facebook profile locked down. Often, only profile picture data is available to display on some profiles. Users who took advantage of this flaw were able to 'report' a profile picture as 'nudity or pornography', which then led the 'reporting' tool to display the images.

However, images of Facebook chief executive and founder Mark Zuckerberg were uploaded to image-sharing sites after his own profile was exploited.

A Facebook spokesperson said that a bug was "discovered in one of our reporting flows" that allowed users to report multiple instances of inappropriate images, posts, or other content.

The spokesperson said the bug was discovered in "one of our most recent code pushes", but that the code was live "for a limited period of time".

This seems to support what users found, including us at ZDNet. In some instances, the flaw displayed images that should have been hidden behind privacy settings, but in some cases it did not.

"Not all content was accessible", the spokesperson said, adding that the flaw displayed "only a small number of one's photos". Once the bug was discovered, the system was immediately disabled. The reporting facility will be brought back to full capacity once Facebook can "confirm the bug has been fixed".
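A simplified model of this class of bug, as an added example that is not Facebook's code: a secondary flow (here, choosing further photos to include in a report) lists an owner's photos without repeating the privacy check that the normal viewing path applies. The data model, function names and audience values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Photo:
    photo_id: int
    owner: str
    audience: str  # hypothetical values: "public", "friends", "only_me"

# Constructed sample data: alice's profile picture is public, the rest is not.
FRIENDS = {"alice": {"bob"}}
PHOTOS = [
    Photo(1, "alice", "public"),
    Photo(2, "alice", "friends"),
    Photo(3, "alice", "only_me"),
]

def can_view(viewer, photo):
    """The single privacy decision every flow should go through."""
    if viewer == photo.owner or photo.audience == "public":
        return True
    if photo.audience == "friends":
        return viewer in FRIENDS.get(photo.owner, set())
    return False

def report_candidates_unchecked(viewer, reported_id):
    """Flawed flow: offers all of the owner's other photos for the report."""
    owner = next(p.owner for p in PHOTOS if p.photo_id == reported_id)
    return [p.photo_id for p in PHOTOS
            if p.owner == owner and p.photo_id != reported_id]

def report_candidates_checked(viewer, reported_id):
    """Corrected flow: same listing, filtered through can_view()."""
    reported = next((p for p in PHOTOS if p.photo_id == reported_id), None)
    if reported is None or not can_view(viewer, reported):
        raise PermissionError("reported photo is not visible to this viewer")
    return [p.photo_id for p in PHOTOS
            if p.owner == reported.owner and p.photo_id != reported_id
            and can_view(viewer, p)]

def leaked_ids(viewer, photo_ids):
    """Regression check: ids a flow returned that the viewer may not see."""
    by_id = {p.photo_id: p for p in PHOTOS}
    return [i for i in photo_ids if not can_view(viewer, by_id[i])]

if __name__ == "__main__":
    stranger = "mallory"  # constructed account with no relationship to alice
    print(leaked_ids(stranger, report_candidates_unchecked(stranger, 1)))
    print(leaked_ids(stranger, report_candidates_checked(stranger, 1)))
```

Running `leaked_ids()` over the output of every flow that returns photos, for a viewer with no relationship to the owner, is the kind of regression test that catches a code push which bypasses the shared check.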

Facebook reaffirmed its commitment to data privacy, stating that the integrity of user data was "top priority" for the company.


  • Facebook Photos

    Cool. Didn't know that is possible with the facebook photo-reporting tool.

    I remember around 2009 I also emailed and reported to facebook regarding some problems with facebook automatically posting new photos in wall.
    That previous privacy flaw happens if you upload new pics in your account, those new pics are also displayed in your wall to update all of your friends. The problem with that is when you have locked your photos and albums (so only direct friends can access them) yet you didn't lock your wall. The pics can still be accessed in walls by any individual not in your network. Hence your pics and albums are actually free for the public and whole planet to access. But the settings option was updated just this year and that bug was fixed.

    But as what Avoid Facebook posted above, there is no privacy with facebook.
    In fact I have a feeling it is being monitored by the secret service and the feds, I commented on a friend to just blow-up his train, in CityVille, with missiles because he keeps on asking me with train-network in his CityVille and I don't play games in FB, the following day his train started working even without acceptance from anyone. So someone has seen the word 'missiles' and 'blow-up' in CityVille and everything suddenly worked. Strange story but this is true.
  • RE: Facebook acknowledges photo privacy bug; Issues immediate fix

    Anyone is free to stop using the FREE service provided by Facebook and choose another social media website
    Scarface Claw
    • RE: Facebook acknowledges photo privacy bug; Issues immediate fix

      @Scarface Claw ... and have DIFFERENT scams perpetrated on them! It's a greedy world out there folks; beware.
  • Facebook programmers can't examine their own code?

    It seems odd that outsiders have to keep showing Facebook every security hole. In theory the company's own staff should be able to "walk" the code and prepare flow-charts. This might show them all the circumstances under which data can be extracted. That they haven't done this appears to be a glaring piece of negligence, and shows just how poor the proprietary coding model is, compared to open-source free programming by the public.
    • RE: Facebook acknowledges photo privacy bug; Issues immediate fix

      @peter_erskine@... Open source, free programming by the public is no different and in fact often worse trying to convince those egos they erred. There is little to support the claimed concept and much to say otherwise.
  • RE: Facebook acknowledges photo privacy bug; Issues immediate fix

    Oh I think they find all kinds of things and fix them as fast as they can before you even know about them. About a year ago I signed in and got another account. I snooped through their pics and stuff. They seemed like nice folks judging from the pics and text so I just signed out. A few days before a young lady had that happen to her too. After that they must have fixed the glitch because it never happened again.
    When you get something as big as facebook some of it has to be fixed as you go along.
    Rick Sos