Facebook acknowledges photo privacy bug; Issues immediate fix

Facebook has said that it fixed a bug that had allowed users to access other users' photos, even if their profile pages were locked down.
Written by Zack Whittaker, Contributor

Facebook has fixed a bug with its reporting tool, which inadvertently gave users access to private images on other people's profile pages.

The world's largest social network, with an estimated 850 million users, issued a statement a short time ago confirming the bug had been fixed.

Facebook acknowledged there was a glitch in the system, which allowed users to access off-limit photos of other users, but claimed that only a limited number of users were affected. Facebook did not disclose how many people were affected.

(Source: Flickr)

Many users have their Facebook profile locked down. Only profile picture data is often available to display on some profiles. Users who took advantage of this flaw were able to 'report' a profile picture as 'nudity or pornography', which then led to the 'reporting' tool to display the images.

However, images of Facebook chief executive and founder Mark Zuckerberg were uploaded to image-sharing sites after his own profile was exploited.

A Facebook spokesperson said that a bug was "discovered in one of our reporting flows" that allowed users to report multiple instances of inappropriate images, posts, or other content.

The bug was discovered in "one of our most recent code pushes", but said that the code was live "for a limited period of time".

This seems to support what users found, including us at ZDNet. In some instances, the flaw displayed images that should have been hidden behind privacy settings, but in some cases it did not.

"Not all content was accessible", the spokesperson said, adding that the flaw displayed "only a small number of one's photos". Once the bug was discovered, the system was immediately disabled. The reporting facility will be brought back to full capacity once Facebook can "confirm the bug has been fixed"

Facebook reaffirmed its commitment to data privacy, stating that the integrity of user data was "top priority" for the company.


Editorial standards