In a Nov. 27 post on the Web forum Bodybuilding.com, an anonymous writer listed step-by-step instructions on how to access photos uploaded by other Facebook members, even if the images had been marked as private.
The process involved a Facebook feature that lets users identify pornographic or inappropriate images on the site. The forum post showed that by flagging another user’s profile, one Facebook member was able to gain access to the other’s private images.
The glitch and resulting private photos of Zuckerberg went viral when software engineer Mike Rundle, of Raleigh, North Carolina, posted a link to them on the photo-sharing website Imgur, the Daily Mail reports.
But Rundle said he first saw the photos linked from a discussion on the online forum Hacker News.
Web site Hacker News was rather dismissive in its description of what happened and what it means to Facebook and its privacy. Posts in a forum on the web site show users discussing the flaw, with various degrees of disgust.
“Your bounty of $500 is quite low. I bet this whole incident did/does a lot more damage than that. And to be honest, if I had the choice between $500 and trolling Mark Zuckerberg by posting his private photos album online, I would probably choose the latter option,” says one poster.
“If that doesn’t prove that FB’s developers aren’t thinking about security, I don’t know what would. Nobody who is in a culture of protecting security would even consider building this,” adds another.
Zuckerberg’s long-time girlfriend Priscilla Chan is pictured in most of the photos. Some of them can be viewed publicly on his public Facebook profile, but others are said to be private.
According to the report, users were able to look at the private photos by ‘reporting’ a profile picture as ‘inappropriate’, which then caused other photos to be displayed, such as those of Zuckerberg.
Meanwhile, a Facebook spokesman told CNET the glitch happened because of ‘one of our most recent code pushes,’ but it was only live for a short time and ‘not all content was accessible’.