A security flaw in Facebook’s image reporting tool has been blamed for the unauthorized viewing of private photos, including those belonging to site founder Mark Zuckerberg.
The flaw was identified by a member of a bodybuilding forum who discovered that reporting an inappropriate Facebook photo allowed users to access other non-public photos belonging to an individual with allegedly questionable images.
Unsurprisingly, Facebook has already patched the flaw and issued an official statement about the incident.
“Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously,” the social networking site told ZDNet.
“The bug was a result of one of our most recent code pushes and was live for a limited period of time. Not all content was accessible, rather a small number of one’s photos. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.”
It should be noted that Facebook and the Federal Trade Commission (FTC) recently clinched a deal to settle charges that the site deceived users by sharing their private information.
The FTC’s 8-count privacy violation complaint against the site listed a number of instances in which Facebook violated its own privacy rules, including publicly sharing friend lists, granting third-party apps access to personal user data, failing to enforce a verified apps program and reneging on a pledge not to share personal info with advertisers.
The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including providing users with “clear and prominent” notice, while obtaining express consent before information is shared beyond existing privacy settings.