News

Facebook hackers expose private Mark Zuckerberg images to highlight security flaws

Warwick Ashford

Facebook hackers have published private photographs of founder Mark Zuckerberg to highlight security flaws in the social network.

The 14 images – which included shots of Mark Zuckerberg and his girlfriend cooking – were published on the image site Imgur, with a message saying: "It's time to fix those security flaws Facebook."

The flaw that enabled access to the pictures of Zuckerberg was found in a tool for users to report inappropriate images, but Facebook claimed it had already fixed the vulnerability.

"The bug allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos,” Facebook said in a statement.

Facebook said the bug had crept in through a recent code update, but was live only for a limited period of time.

"Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed," the statement read.

The bug was discovered by members of a bodybuilding forum, who went on to post step-by-step instructions on how to exploit the flaw to view private photos, according to the BBC.

The instructions for how to circumvent Facebook’s privacy systems have been circulating online for more than two weeks, according to The Telegraph.

The embarrassing incident comes just one week after Zuckerberg admitted “a bunch of mistakes” after reaching a settlement with the Federal Trade Commission (FTC) over charges that Facebook misled users about its use of their personal information.

The FTC conducted an investigation after a slew of complaints about Facebook’s practices. These included sharing user data with advertisers, access to user data by third party apps and changes to privacy settings that made more user data public without warning.

The FTC has imposed external inspections of Facebook’s privacy systems for the next 20 years and threatened fines of $16,000 a day for new violations.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy