Facebook has since disabled the report tool and is fixing the flaw
Saying Facebook has privacy issues is like saying the Earth revolves around the sun; it's just understood at this point. Facebook further solidified that viewpoint today when a flaw allowed users to peek at the private photos of others.
Facebook users were able to access the private photos of others today via a Facebook flaw associated with the "Report Abuse" tool. The flaw was identified by a bodybuilding forum earlier in the day.
Using the "Report Abuse" tool, Facebook users were able to flag profile photos as inappropriate. When checking the "nudity or pornography" option as the reason for the photo being inappropriate, Facebook offered the user a "take action by selecting additional photos to include with your report" option. This allowed Facebook users to see a number of extra photos, private or not.
The flaw can be abused by anyone, according to ZDNet, and users who were victims of privacy invasion have no way of knowing what happened. Even Facebook CEO Mark Zuckerberg was a victim of privacy invasion today, as a few of his private photos (which can be seen to the right of this article) were posted online.
Later today, Facebook addressed the issue in a statement and disabled the tool until the flaw is fixed.
Facebook's statement is as follows:
Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously.
The bug was a result of one of our most recent code pushes and was live for a limited period of time. Not all content was accessible, rather a small number of one’s photos. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.
What is especially interesting about this new security flaw is that Facebook settled its major privacy case with the U.S. Federal Trade Commission (FTC) just last week. Under that settlement, Facebook agreed to obtain user consent when changes are made to privacy settings, and to undergo 20 years of independent audits.
Sources: ZDNet, imgur
Submitted by Christo [PCD]