Update: Facebook has now fixed the glitch & it says,
Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously. The bug allowed anyone to view a limited number of another user’s most recently uploaded photos irrespective of the privacy settings for these photos. This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.
A security hole spotted by members of a body building forum
(thread deleted by Administrator) allows users on Facebook to view, download and share private photos of other users. This enabled a member of the forum to expose Founder and CEO of Facebook, Mark Zuckerberg’s private photos. This means that any photos that are hidden or nonpublic could be accessed by any users, reports Fox News.
This can be done by using the “Report abuse” feature in Facebook, which is basically used to keep the social networking site clean and remove harmful images, posts or content.
It requires you to first “report/block” that user’s Facebook account. You will be prompted with a set of options. Clicking the “Inappropriate photo profile” takes you to the next step where you’re asked select an option on why you find the photo inappropriate.
Selecting the option to report the photo to Facebook brings up another screen that says – “Help us take action by reporting additional photos to include with your report.” By clicking on the last option will enable you to choose photos of that person, including those which are marked private.
A member of the forum shared images of Zuckerberg’s private Facebook photos on an image sharing website. For a company with 800 million user base that is holding potentially sensitive data, this security hole is completely unacceptable. This itself shows that Facebook’s security model is pretty weak.
Earlier in November, Zuckerberg made the following statement -
“With each new tool, we’ve added new privacy controls to ensure that you continue to have complete control over who sees everything you share. Because of these tools and controls, most people share many more things today than they did a few years ago. Overall, I think we have a good history of providing transparency and control over who can see your information.”
Well, we now see how good users have control over their data, and how “transparent” the information on Facebook is. There is no way you can prevent this, but it is reported that the Facebook team is currently investigating through the issue, and hopefully will come out with a solution soon.