A glitch in Facebook’s code briefly let people access private photographs of other members.
The bug was discovered by a member of an online bodybuilding forum.
This led to people accessing personal images belonging to other members. Even the site’s founder and CEO wasn’t immune — Mark Zuckerberg’s own profile was soon ransacked, and various private pictures of his were posted throughout the Web.
Facebook has reportedly stated that it has found and fixed the bug.
Even so, “It’s a big deal,” independent security analyst Randy Abrams told TechNewsWorld. “A date in a photo can reveal you’re out of the country right now, for example. There are numerous ways that disclosure of confidential information like this can be damaging.”
Facebook did not respond to our request for comment for this story.
The glitch apparently took advantage of Facebook’s mechanism to report inappropriate images. When a Facebook member clicked on the “Report” tag to flag an image on someone else’s profile as inappropriate, the site kicked up other photos from that profile, including private photos, so the complainer could determine whether or not they were also inappropriate.
Facebook reportedly blamed the glitch on a recent code push and said the problem only existed for a short time.
The social networking site took the feature offline and has reportedly resolved the problem.
What Might Have Caused the Problem
“Fundamentally, the bug was the result of a failure to apply privacy settings to a public search tool,” Abrams stated.
However, it’s “par for the course” for bugs to pop up during code changes. The appearance of the glitch doesn’t necessarily mean Facebook was slacking off in code testing.
“There are a seemingly infinite number of variables to test for in quality assurance,” Abrams pointed out. “It’s always the one you never saw coming that becomes the new QA test case.”
There Really Is No Privacy, Mark!
Posting photos to online sites is a risky business, whether the site is Facebook, Google’s Picasa or any other site.
“No matter how private you think your album is, it’s one bug or corporate change away from primetime YouTube,” Abrams warned.
Further, the owners of the photos share copyright with the sites.
“Google claims irrevocable rights [to your content], while the complexity of Facebook’s privacy model makes it difficult for most users to know if their pictures are private, even in the absence of bugs,” Abrams said.
Facebook’s privacy model “is far too complex to reasonably expect them to prevent serious bugs that compromise privacy in the future,” Abrams cautioned. “The question is when, not if.”