Bodybuilders expose Facebook's Zuckerberg to the world

Mark Zuckerberg
7 Dec, 2011

Members of a bodybuilding forum find a flaw in Facebook, leading to Zuckerberg's private pictures being exposed.

A number of Mark Zuckerberg's private Facebook photos have been posted online after a flaw in the site was uncovered by users of a bodybuilding message forum.

Users were able to see private photos by exploiting a weakness in Facebook's reporting functions. Prior to Facebook addressing the issue, users could highlight a photo as inappropriate and then choose to include and view additional photos in the report, some of which could have been private.

It took personal images of Zuckerberg, showing snippets from his personal life including an image of the social network's chief holding a dead chicken, for Facebook to fix the issue.

"In many ways it's good that Zuckerberg's account was targeted - if such a high profile figure hadn't fallen victim, the flaw might have continued to have been exploited for much longer, opening up opportunities for stalkers and others to view private photos," said Sophos chief technology consultant Graham Cluley, in a blog post.

"Facebook's programmers are experimenting with new features and are testing them out on the live site without, in this case at least, the code being properly reviewed with privacy in mind."

Facebook said the flaw was only live for a limited period of time and it was working on a permanent fix for the bug.

"Facebook needs to stop making mistakes when it comes to its members' privacy. Once users' trust is broken, it will be very hard to restore," Cluley added.

This is not the first time Facebook has found itself under the spotlight over photo privacy. In January, IT Pro found that by simply right-clicking and selecting ‘copy image location’ on a photo, whether private or not, friends who had seen the picture could then paste the image URL to share it with unauthorised users, even those not on Facebook.