A security vulnerability in Facebook Inc.'s social-networking site, exposed by some users, sent the company scrambling for a fix after Chief Executive Mark Zuckerberg's private photos were published online.
In a Nov. 27 post on the Web forum Bodybuilding.com, an anonymous writer listed step-by-step instructions on how to access photos uploaded by other Facebook members, even if the images had been marked as private.
The process involved a Facebook feature that lets users identify pornographic or inappropriate images on the site. The forum post showed that by flagging another user's profile, one Facebook member was able to gain access to the other's private images.
A blogger on Tuesday reported on the security flaw, and used it to publish a photo from Mr. Zuckerberg's private collection. Others then used the flaw to publish further photos from Mr. Zuckerberg's collection, including images of the Facebook CEO preparing food in a kitchen and distributing candy to Halloween trick-or-treaters.
It wasn't immediately clear how long the Facebook security flaw was available on the Web, or how many of the site's more than 800 million users were affected. But the company attributed the problem to a recent revision of its software.
In a statement, a Facebook spokesman said:
"The flaw was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed."
The anonymous poster responded in an email to a request for comment by saying he discovered the flaw accidentally. The poster, who gave his name only as John P. and lists his hometown as Syracuse, N.Y., said:
"I am an IT professional. This is simply terrible programming on Facebook's part. Inexcusable considering how many engineers and web developers they have working for them."
Facebook has faced a series of questions about its security and privacy features since it was founded in 2004. The site has rapidly gained popularity, and Facebook is expected to stage an initial public offering of shares next year that could value the company at over $100 billion.
Last month, Facebook announced it had reached a settlement with the U.S. Federal Trade Commission, after the regulator found the company had misled users about the use of their personal information.
The settlement requires Facebook "to establish and maintain a comprehensive privacy program," the FTC said at the time.
AllThingsD's Liz Gannes reviewed Mark Zuckerberg's posts over the past five years, and out of 25, ten were written to address privacy complaints.
The posting of Mr. Zuckerberg's photos Tuesday recalls a similar attack staged in January, when a hacker appeared to post a message purporting to be by the CEO that suggested the company raise funding from its own users rather than banks.
COMMENTARY: I wonder how many other pics of unsuspecting Facebook users were hijacked in the same fashion as Zuck's were. That's a scary thought, isn't it?
Courtesy of an article dated December 7, 2011 appearing in The Wall Street Journal and an article dated December 7, 2011 appearing in The Telegraph