9:56 AM PST Tue, Dec 6, 2011
[UPDATE 12/13/11 at 9:15am: Facebook is now suggesting that you enable secure browsing to help protect account from hackers. ]
[ UPDATE 11:52am PT: ] Facebook has ackowledged the bug that allowed users to access private photos and is currently fixing the bug. A Facebook spokesperson told ZDnet that the bug "was discovered in one of our reporting flows" that let users report several instances of inappropriate images or posts. Facebook also reaffirmed its commitment to data privacy, stating it as a "top priority" for the company. ]
A Facebook security hole that allows you to view, save and share private photos has enabled one hacker to expose those of Mark Zuckerberg.
The method requires you to first locate the person you want to view photos of, then report a photo as nudity or pornography. From there, check Report to Facebook and click continue. Facebook will then give you the option to help them take action by selecting additional photos to include in the report, which then gives you access to the user's private photos.
Facebook has received an enormous amount of criticism lately for its privacy practices. In November, Facebook settled with the Federal Trade Commission over its failure to keep its privacy promises and Zuckerberg admitted that Facebook "made a bunch of mistakes."
"With each new tool, we've added new privacy controls to ensure that you continue to have complete control over who sees everything you share," Zuckerberg wrote to Facebook users in November. "Because of these tools and controls, most people share many more things today than they did a few years ago."
Now with everyday users able to access private photos, it brings up the question of, once again, how safe is it to upload your information and photos to Facebook, even if you have strict privacy settings enforced?
"This shows that Facebook has no robust security model at all," raphman, who is a PhD student, writes on Hacker News. "Either they do not have any mandatory access control for private data, or someone approved of circumventing such access control measures for this feature. Both is in my opinion inacceptable for a company holding so much potentially sensitive data."
As the blog with the images of Zuckerberg states, "It's time to fix those security flaws facebook..."
With Facebook under watch by the FTC for the next 20 years, we wonder what effect this will have on the social network considering that for every violation, the FTC could charge up to $16K.