Skip to main content
  1. Home
  2. Social Media
  3. Legacy Archives

Facebook closes loophole that exposes private photos

Add as a preferred source on Google
facebook eye
Image used with permission by copyright holder

Facebook has disabled parts of it abuse report system that allowed users’ private photos to be viewed by anyone.

The problem, according to a Facebook spokesperson, was due to recent changes to its abuse report system, which allowed any user to flag a number of photos in another user’s album that he or she deemed “inappropriate,” even if the user filing the abuse report was not friends with the user with the private photos.

Recommended Videos

“Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously,” said a Facebook spokesperson, in an email to Digital Trends. “The bug allowed anyone to view a limited number of another user’s most recently uploaded photos irrespective of the privacy settings for these photos.  This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.”

facebook-zuckerberg-chickenThe loophole was originally uncovered on the forum of BodyBuilding.com, by user ThePoz, a 6-foot 5-inch 205-pounder from Syracuse, New York.

The patch did not come quickly enough for at least one user, however: Facebook co-founder Mark Zuckerberg. Thanks to some security wall-jumping sleuths at Hacker News and Reddit (where the BodyBuilding.com thread was posted and made widely visible), a number of Zuckerberg’s personal photos are now rapidly making their way around the Web.

Prior to its closing, the loophole worked like this: Go to the photos page of a user who is not your friend. Click on the “Report/Block” tab, and select “Inappropriate Profile photo.” After going through a number of pop-up windows, users who select to “Help us take action by selecting additional photos to include with your report,” were then allowed to pick other photos from that user’s albums. A little clever copy/paste of an image’s URL, and voila, private photos for all to see.

This is only the latest privacy flub Facebook has had to deal with since its launch in 2006. Just last week, Facebook settled with the Federal Trade Commission, which had accused the popular social network of engaging in “unfair and deceptive” privacy practices. The terms of the settlement require Facebook to receive explicit consent from users before changing any privacy settings, and to subject itself to independent audits of its privacy system for the next 20 years.

Because of this scrutiny, Facebook was quick to reiterate its commitment to user privacy, and it’s ability to keep private user data safe.

“The privacy of our user’s data is a top priority for us, and we invest lots of resources in protecting our site and the people who use it,” said Facebook’s spokesperson. “We hire the most qualified and highly-skilled engineers and security professionals at Facebook, and with the recent launch of our Security Bug Bounty Program, we continue to work with the industry to identify and resolve legitimate threats to help us keep the site safe and secure for everyone.”

Andrew Couts
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
Topics
Meta just pulled its most controversial AI image generation feature days after launch
Meta is framing this as "hearing feedback," not as fixing a consent problem.
Instagram Muse Image

A couple of days ago, I covered Meta’s announcement of the Muse Image, an AI tool that lets users generate images based on someone’s Instagram profile without asking the account owner. 

I also highlighted the risks associated with it in another piece, along with steps for opting out. Three days later, the feature is no longer available. 

Read more
Your YouTube playlists can now become actual TV shows, but there’s a catch you need to know
YouTube just gave Partner Program creators the episodic infrastructure that Netflix has been using to keep audiences hooked for years.
Electronics, Mobile Phone, Phone

YouTube just gave its creators a tool that streaming platforms take for granted. I’m talking about the ability to structure content as proper episodic TV. 

If you're in the YouTube Partner Program and you’ve been organizing your videos into playlists while praying that the algorithm and your audience notice, then Shows is the upgrade you've been waiting for.

Read more
I knew there was plenty of AI slop on LinkedIn. Shocking report says the problem is far worse than suspected
LinkedIn app on App Store iPhone

I already knew LinkedIn was overflowing with posts written by AI, recycled leadership advice, and those god-awful lessons about entrepreneurship. A new report suggests the situation is considerably worse than even the platform’s feed makes it appear.

AI-detection company Pangram analyzed more than one million posts scanned through its Chrome extension across LinkedIn, X, Reddit, Medium, and Substack. LinkedIn represented approximately one-third of everything scanned, yet produced 62% of all content Pangram flagged as AI-generated.

Read more