Only a handful of images are presented to the user as part of the 'report' feature, which is used by Facebook to maintain decency and remove harmful images, posts or content.
Here's how it works:
Users are able to report "inappropriate profile photos" on a user's profile. By checking the box "nudity or pornography," the user is granted an opportunity to help Facebook "take action by selecting additional photos to include with your report." Facebook will then display a number of additional photos that are not otherwise publicly available to the user.
Photos (such as the one below) were taken directly from Mark Zuckerberg's private photo collection on his profile and posted. Ed note: We debated the photo selection and whether to run one at all. We initially posted the Obama-Zuckerberg and then went with a dinner party. We flipped back to the picture with the most public figures. Ultimately, we decided running the picture made sense.
The forum explored a number of the flaw's details. For example, private photos that are hidden or inaccessible to people who are friends can not only be accessed but also enlarged to their full scale.
Some browsers restrict this flaw.
One thing to note: Exploiting this flaw requires reporting a Facebook member.
But this flaw is open for anyone to use -- and abuse. While Facebook anonymises the data that it gets through this reporting tool, the user whose profile pictures can be viewed will not know that their privacy has been invaded.
"Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously.
"The bug was a result of one of our most recent code pushes and was live for a limited period of time. Not all content was accessible, rather a small number of one's photos. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed."
Facebook added that the privacy of its users' data is a top priority for the company, and that it invests lots of resources in protecting its site and the people who use it.