A bug in Facebook’s code briefly gave users access to other users’ Facebook photos — including those of Mark Zuckerberg — without permission Tuesday.
Members of a body building forum first spotted the bug, which appeared in a new feature that allowed people to report multiple instances of inappropriate content simultaneously. If you reported a photo for reasons of “nudity or pornography,” you were given the option to “take action by selecting additional photos to include with your report”. You were then shown additional recent photos from the same profile to flag if inappropriate. Unfortunately, photos were shown regardless of their owners’ photo privacy settings.
Facebook has since removed the feature from its site.
“This was the result of one of our recent code pushes and was live for a limited period of time,” a Facebook spokesperson said in a statement. “Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.”
Private photos can no longer be accessed via the bug, but it was live long enough to beget a blog filled with photos of Mark Zuckerberg that were supposedly obtained this way. Some of the photos on the blog are publicly visible on Zuckerberg’s Facebook profile, while many are not. The non-public photos on the blog include pictures of Zuckerberg making sushi, and one where he is holding a rooster. None of them is particularly scandalous.
The bug’s exposure comes at a time when Facebook is particularly sensitive to privacy concerns. Just last week the social network, which is preparing for a reported $100 Billion IPO, agreed to settle with the FTC over charges that it had deceived users about privacy.