For a little while today, it was possible to view anyone's — and we mean anyone's — private Facebook photos. The simple exploit, which was publicized on an online bodybuilding forum, involved taking advantage of a security lapse in the way Facebook handled profile photos flagged as indecent.
To perform the hack, you would first have had to select a target profile and click "report/block" on the bottom left of the person's page. Doing so still brings up a dialogue box with several options; in this case, you would select "Inappropriate profile photo" and click "Continue."
From there, you can click "Nudity or pornography" in another pop-up box and again hit "Continue."
You are then given the option to warn the person, block them and/or report to Facebook.
If you click "Report" and "Continue," your report is sent to Facebook.
Until sometime today, the next dialogue box you'd get would give you the option of selecting more photos from the target person's account to append to your report. But instead of showing you only the photos that person had made public, it showed you ALL his or her photos.
That may not sound like much, but the fact is that thousands, if not millions, of people have posted racy, revealing or otherwise compromising photos to Facebook, photos that they think only their close friends or family members can see.
Facebook quickly got wind of the glitch and fixed it.
"Earlier today, we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously," a Facebook spokesperson told SecurityNewsDaily. "The bug allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos.
"This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed."
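The class of bug described above, where a secondary code path lists a user's photos without applying the privacy check the normal viewer uses, can be shown in a short added example. This is not Facebook's code; the data model, privacy levels and function names are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass

# Hypothetical privacy levels and data model, constructed for this example.
PUBLIC, FRIENDS, ONLY_ME = "public", "friends", "only_me"

@dataclass(frozen=True)
class Photo:
    photo_id: int
    owner: str
    audience: str
    uploaded_at: int  # constructed timestamp; larger means newer

def can_view(viewer, photo, friendships):
    """The one authorization check every photo-listing path should call."""
    if viewer == photo.owner or photo.audience == PUBLIC:
        return True
    if photo.audience == FRIENDS:
        return frozenset((viewer, photo.owner)) in friendships
    return False  # ONLY_ME and any unknown audience value: deny by default

def report_picker_flawed(reporter, target, photos, friendships, limit=3):
    """Flawed pattern: reporter and friendships are never consulted."""
    mine = [p for p in photos if p.owner == target]
    return sorted(mine, key=lambda p: p.uploaded_at, reverse=True)[:limit]

def report_picker_fixed(reporter, target, photos, friendships, limit=3):
    """Corrected pattern: filter by the reporter's access, then apply the limit."""
    visible = [p for p in photos
               if p.owner == target and can_view(reporter, p, friendships)]
    return sorted(visible, key=lambda p: p.uploaded_at, reverse=True)[:limit]

# Constructed sample data: alice's photos, with bob as her only friend.
PHOTOS = [
    Photo(1, "alice", PUBLIC, 100),
    Photo(2, "alice", FRIENDS, 200),
    Photo(3, "alice", ONLY_ME, 300),
    Photo(4, "alice", PUBLIC, 50),
]
FRIENDSHIPS = {frozenset(("alice", "bob"))}

def ids(picker, reporter):
    """Photo ids the given picker would offer this reporter for alice's account."""
    return [p.photo_id for p in picker(reporter, "alice", PHOTOS, FRIENDSHIPS)]

if __name__ == "__main__":
    for name in ("mallory", "bob", "alice"):
        print(name, ids(report_picker_flawed, name), ids(report_picker_fixed, name))
```

A regression test that asserts the picker's output for a non-friend equals the set of public photos is the kind of check that would catch this before a code push.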
While the security glitch was still active, it was tested out on — who else — the Facebook page of Facebook founder and CEO Mark Zuckerberg.
The perpetrator set up a page on image-sharing website Imgur showing images of Zuckerberg and his girlfriend playing with their puppy, giving away candy on Halloween and making dinner, and one of the self-made billionaire meeting President Obama. The top of the page bore the text, "It's time to fix those security flaws Facebook..."