A number of Mark Zuckerburg's private Facebook photos have been posted online after a flaw in the site was uncovered by users of a bodybuilding message forum.
Users were able to see private photos by exploiting a weakness in Facebook's reporting functions. Prior to Facebook addressing the issue, users could highlight a photo as inappropriate and then choose to include and view additional photos in the report, some of which could have been private.
Facebook needs to stop making mistakes when it comes to its members' privacy.
It took personal images of Zuckerburg, showing snippets from his personal life including an image of the social network's chief holding a dead chicken, for Facebook to fix the issue.
"In many ways it's good that Zuckerberg's account was targeted - if it such a high profile figure hadn't fallen victim, the flaw might have continued to have been exploited for much longer opening up opportunities for stalkers and others to view private photos," said Sophos chief technology consultant Graham Cluley, in a blog post.
"Facebook's programmers are experimenting with new features and are testing them out on the live site without, in this case at least, the code being properly reviewed with privacy in mind."
Facebook said the flaw was only live for a limited period of time and it was working on a permanent fix for the bug.
"Facebook needs to stop making mistakes when it comes to its members' privacy. Once users' trust is broken, it will be very hard to restore," Cluley added.
This is not the first time Facebook has found itself under the spotlight over photo privacy. In January, IT Pro found that by simply right clicking and selecting copy image location' on a photo, whether private or not, friends who had seen the picture could then paste the image URL to share it with unauthorised users, even those not on Facebook.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Latest Meta GDPR fine brings 12-month total to more than €1 billionNews Meta was issued with two hefty GDPR fines for “forcing” users to consent to data processing
-
"Unacceptable" data scraping lands Meta a £228m data protection fineNews The much-awaited decision follows the scraping of half a billion users' data and received unanimous approval from EU regulators
-
Meta notifies around 1 million Facebook users of potential compromise through malicious appsNews The vast majority of apps targeting iOS users appeared to be genuine apps for managing business functions such as advertising and analytics
-
Facebook business accounts hijacked by infostealer malware campaignNews Threat actors are using LinkedIn phishing to seize business, ad accounts for financial gain
-
Meta begins encrypting Facebook URLs, nullifying tracking countermeasures
News The move has made URL stripping impossible but will improve analytics
-
Meta hit with €17 million fine over multiple GDPR breachesNews The social media giant set aside over €1 billion in November to help it cope with potential fines arising from data protection investigations
-
Meta says Apple's iOS privacy changes will cost it $10 billion in 2022News The company's CFO suggests Google "faces a different set of restrictions" because it pays Apple to remain the default iOS search engine
