A recently discovered exploit in Facebook allowed anyone to view another user's images that are marked as private. On Monday a user of a popular bodybuilding forum published a post entitled "I teach you how to view private Facebook photos", which involved exploiting the security systems meant to stop users from posting explicit material on the site.
The hack involved flagging a public profile picture as "inappropriate" (typically due to nudity or pornography). The intruder was then offered the chance to report more photographs posted by the same offending user. The Facebook system would then present the would-be hacker with a thumbnail gallery of other private images, which could be enlarged by making a simple change in the browser address bar and then downloaded to the hacker’s computer.
It seems that Facebook’s privacy controls are not as safe as touted by the popular online social giant, despite many ongoing attempts to revamp them. A Facebook spokesman said: "We discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously". Facebook appears to have corrected the exploit very quickly, but not fast enough to stop the forum poster from uploading private pictures of Mark Zuckerberg as evidence that the hack was successful.
The 14 pictures were posted anonymously on an image sharing website under the heading "It’s time to fix those security flaws Facebook."
Included in the leaked photos were a series of candid shots involving Zuckerberg’s girlfriend, Priscilla Chan, and his Hungarian sheepdog puppy, “Beast.” The private photographs also include a picture of Zuckerberg holding a presumably dead chicken by its legs and another of him holding a plate of breaded chicken and chips; Zuckerberg has stated previously that he only eats meat from animals that he kills himself.
This exploit comes at a sensitive time for the social giant. Last week Facebook admitted "a bunch of mistakes" after American regulators accused it of "unfair and deceptive" privacy practices. The Federal Trade Commission investigated a series of controversies over sharing user data with advertisers, access to user data by third-party apps, and changes to privacy settings that made more user data public without warning.