Facebook Flaw Exposed Private Photos

Velcroman1 writes "A security hole in Facebook allowed almost anyone to see pictures marked as private, an online forum revealed late Monday. Even pictures supposedly kept hidden from uninvited eyes by Facebook's privacy controls aren't safe, reported one user of a popular bodybuilding forum in a post entitled 'I teach you how to view private Facebook photos.' Facebook appears to have acted quickly to eliminate the end-run around privacy controls, after word of the exploit spread across the Internet. It wasn't long before one online miscreant uploaded private pictures of Facebook founder Mark Zuckerberg himself — evidence that the hack worked, he said."

Interesting

[koan]

I wonder what constitutes a "private photo" for Zuckerberg, my guess is he has no photos that would be even remotely interesting since he knows the ins and outs of FB, and why does spell check want to turn "zuckerberg" into "rubbernecker"?

It's all related somehow...

Surprised this is real.

[Ecuador]

I saw a link to the forum discussing this somewhere. From the description of the "hack", I was certain this is a hoax. You see, the idea is that the hack is to report the user with private pictures to facebook as having "nude/pornographic" images, and in the image flagging process it shows you private-only pics as well.
So it really sounded like a hoax to me to have people go around reporting private profiles of hot girls (or even boys I guess), and I am surprised it is a real security flaw. Not that you can call something on facebook a security flaw, since that would require security in the first place, right?

Private pictures?

[gmuslera]

Wasnt Zuckerberg himself who said some years ago that whoever wants to have privacy is guilty of something?

Re:Surprised this is real.

[interval1066]

This flaw has been exploited for months by the likes of 4chan.org/b/, and others. I'm surprised it took this long to get out.

Re:Of course

[betterunixthanunix]

If you upload something to Facebook, assume anyone can see it

I used to think this, but there are some pretty convincing arguments in The Net Delusion that have caused me to rethink that position. There are a lot of Facebook users, and dissident groups cannot avoid using Facebook to reach people, simply because of the large number of people on Facebook. If Facebook does not take privacy seriously, the risk to dissidents who try to contact their fellow citizens on Facebook will grow.

The point here is that yes, it is a problem when Facebook unexpectedly opens its users' data to the world against their wishes. There are legitimate reasons why someone might use Facebook but want to keep their account data private.

The pictures

[slasho81]

The pictures. [imgur.com]

Re:Of course

[Anonymous Coward]

Newsflash: any dissidents attempting to use Facebook are being plain stupid. That's like sending an email containing your entire list of friends and family to every government in the world, but with way more detail about what you do and where you are.

You do realize that Facebook privacy terms only apply to other users who use Facebook for free, and follow the terms of service, right? Facebook hackers, bots, and government agencies (and likely some large corporations) have full access to Facebook data. So does Facebook. Not only is your "private" Facebook data fair game, so is the "hidden" Facebook data, such as your access log, answers to security questions, access patterns (when you did what), etc.

Re:Regardless of THIS flaw

[ShaunC]

If the deleted content is still there a week or more later, then you've got problems.

We're talking about Facebook here. The content is never deleted, and that's by design.