Slashdot Mirror


Facebook Flaw Exposed Private Photos

Velcroman1 writes "A security hole in Facebook allowed almost anyone to see pictures marked as private, an online forum revealed late Monday. Even pictures supposedly kept hidden from uninvited eyes by Facebook's privacy controls aren't safe, reported one user of a popular bodybuilding forum in a post entitled 'I teach you how to view private Facebook photos.' Facebook appears to have acted quickly to eliminate the end-run around privacy controls, after word of the exploit spread across the Internet. It wasn't long before one online miscreant uploaded private pictures of Facebook founder Mark Zuckerberg himself — evidence that the hack worked, he said."

6 of 201 comments

  1. Surprised this is real. by Ecuador · Score: 4, Interesting

    I saw a link to the forum discussing this somewhere. From the description of the "hack", I was certain this is a hoax. You see, the idea is that the hack is to report the user with private pictures to Facebook as having "nude/pornographic" images, and in the image flagging process it shows you private-only pics as well.
    So it really sounded like a hoax to me to have people go around reporting private profiles of hot girls (or even boys I guess), and I am surprised it is a real security flaw. Not that you can call something on Facebook a security flaw, since that would require security in the first place, right?

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
    1. Re:Surprised this is real. by interval1066 · Score: 4, Interesting

      This flaw has been exploited for months by the likes of 4chan.org/b/, and others. I'm surprised it took this long to get out.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
  2. Private pictures? by gmuslera · Score: 5, Interesting

    Wasn't it Zuckerberg himself who said some years ago that whoever wants to have privacy is guilty of something?

  3. The pictures by slasho81 · Score: 5, Interesting
  4. Re:Of course by Anonymous Coward · Score: 4, Interesting

    Newsflash: any dissidents attempting to use Facebook are being plain stupid. That's like sending an email containing your entire list of friends and family to every government in the world, but with way more detail about what you do and where you are.

    You do realize that Facebook privacy terms only apply to other users who use Facebook for free, and follow the terms of service, right? Facebook hackers, bots, and government agencies (and likely some large corporations) have full access to Facebook data. So does Facebook. Not only is your "private" Facebook data fair game, so is the "hidden" Facebook data, such as your access log, answers to security questions, access patterns (when you did what), etc.

  5. Re:Regardless of THIS flaw by ShaunC · Score: 5, Interesting

    If the deleted content is still there a week or more later, then you've got problems.

    We're talking about Facebook here. The content is never deleted, and that's by design.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!