Mark Zuckerberg photos leaked on Facebook
A security flaw allowed private photos of Facebook CEO Mark Zuckerberg to be downloaded from the social networking site and posted in an online gallery this week.
Fourteen photos of Zuckerberg, which appear to include images of him preparing food with his girlfriend and playing with his dog, were downloaded from Facebook and posted on the photo-sharing site Imgur Tuesday under the headline “It’s time to fix those security flaws Facebook.”
The photos were leaked due to a flaw in the system that allows people to report pornographic or other inappropriate images posted by other users.
Following the incident, Facebook issued a statement confirming a bug that “allowed anyone to view a limited number of another user’s most recently uploaded photos irrespective of the privacy settings for those photos.” It said it had disabled the inappropriate photo-reporting feature until it has been fixed.
According to Facebook, the flaw came about as a result of a recent code push, and was only live for a small period of time.
However, an internet user known by the alias ThePoz, who had posted instructions on the bodybuilding.com forum about how to exploit the flaw, claimed the instructions had been up for “a couple of weeks” on a different forum.
According to the posting, when users clicked on the “report/block” button for a publicly viewable photo of a Facebook member such as their profile picture, then selected it as inappropriate and containing nudity or pornography, they were given the option to select additional photos to include with their report, including private photos. Those photos could be easily expanded to their largest available size.
The technology website ZDNet said the Zuckerberg photos were posted at Imgur by members of the bodybuilding forum.
ZDNET also reported that it had tested the flaw before the feature was disabled, and found it could be used to access the photos of any Facebook member. However, private photos were not always exposed.