Brief glitch let Facebook users see private photos

A tech site accessed photos of Facebook CEO Mark Zuckerberg during a brief glitch.

Story highlights

  • A Facebook bug briefly exposed some users' private photos
  • The glitch was part of a new set of computer code, Facebook said
  • One tech blog used glitch to get private photos of CEO Mark Zuckerberg
What's been described as a bug in some new computer code briefly allowed Facebook users to snoop on the private pictures of other members.
The glitch, which Facebook discovered Tuesday, was part of the site's tool that lets users report offensive contents. Clicking on a user's profile picture, then reporting it to Facebook as containing nudity or other inappropriate content, was then prompting Facebook to show other photos from that user's account and asking whether they, too, were offensive.
The images were showing up regardless of the user's privacy settings, Facebook said.
Multiple reports said that the bug was first identified on the reader forums for That discussion seemed to have been taken down by Tuesday afternoon, but users were commenting about it in other threads.
"This was the result of one of our recent code pushes and was live for a limited period of time," Facebook said in a written statement. "Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed."
A Facebook spokesman did not say how long the bug had been live.
Earlier Tuesday, tech blog ZDNet reported that it had been able to access several photos from Facebook CEO Mark Zuckerberg's private account. They posted one of him with President Barack Obama (saying they selected it because it features public figures).
CNN was not able to duplicate a similar attempt by early Tuesday afternoon. Some Web browsers restricted the flaw the entire time, ZDNet said.
In its statement, Facebook called user privacy a top priority and cited its recent Security Bug Bounty Program, which pays users who help identify security problems on the site.