Facebook disables bug that exposed private photos
A Facebook bug came back to haunt the company's co-founder and CEO, Mark Zuckerberg.
A spokeswoman for the social networking site Wednesday confirmed that a flaw was discovered in the mechanism that allows Facebook users to report photos on the site that violate the social network's terms of service.
Before it was disabled, the flaw was used to gain access to users' photos - even private photos. In fact, some hackers used the bug to grab photos from Zuckerberg's personal collection and then post them for public online viewing.
"The bug allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos," the company said in a statement.
"This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed," it added.
The problem comes about a week after Facebook disclosed that it had signed an agreement with the U.S. Federal Trade Commission, to settle charges that it had deceived users by sharing information it had told them would be private.
The FTC went after Facebook, the world's largest social networking site with about 800 million users, for not keepings its privacy promises to users and for sharing information that users were led to believe would be kept private.
Zeus Kerravala, principal analyst with ZK Research, Facebook's latest mess up comes at a bad time for the firm. "It's another example of why they've come under [FTC] scrutiny. They just don't take security seriously," he said.
"They admitted that [the latest problem] was caused by a recent code push, so it's very embarrassing," Kerravala added. "The culture there is to innovate first, no matter what the cost. This is another black eye for Facebook."
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld .