Facebook Flaw Exposes Private Photos

Great bug at Facebook: until last night you could report a user's photos there as "offensive" (for pornography or nudity) and then browse that user's photos flagged as private. Members of a bodybuilding forum discovered this and promptly browsed Mark Zuckerberg's photos and uploaded a few of them to imgur. Facebook has since closed the security hole. (And at first I wanted to put "Facebug-Pornflaw" in the headline, but that felt too much like linkbait to me.)

A flaw in Facebook’s image reporting tool allows users to view the private photos of other users, including those of Facebook founder Mark Zuckerberg — like the one at the top of this story.

The flaw was found by members of a bodybuilding forum, who discovered that if they reported a public Facebook photo for abuse – using the tool that Facebook offers to report nudity or pornography – they could access other nonpublic photos for the same user they’re reporting, according to ZDNET.

Facebook’s tool asks the reporting user to help Facebook “take action by selecting additional photos to include with your report” then displays a handful of other private photos belonging to the individual that’s being reported. The person reporting the abuse can then rifle through the user’s other images.

Members of the bodybuilder forum used the flaw to peruse the images of women they found attractive. They then targeted Zuckerberg and began viewing his private photos, and posted some of them to an image site.

Facebook Flaw Exposes Private Photos
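The behaviour described above, modelled as a secondary feature (the report flow) that lists an owner's photos without applying the viewer's visibility rules. This is an added example, not Facebook's code and not part of the quoted article; the data model and all names (`Photo`, `can_view`, `report_candidates_*`, `leaked_ids`) are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Photo:
    photo_id: int
    owner: str
    visibility: str  # "public", "friends" or "private" (constructed model)

# Constructed sample data: one owner with mixed visibility settings.
PHOTOS = [
    Photo(1, "alice", "public"),
    Photo(2, "alice", "friends"),
    Photo(3, "alice", "private"),
    Photo(4, "alice", "public"),
]
FRIENDS = {("alice", "bob")}  # (owner, friend) pairs

def can_view(viewer, photo):
    """The one authorization decision every photo-returning path should use."""
    if viewer == photo.owner or photo.visibility == "public":
        return True
    if photo.visibility == "friends":
        return (photo.owner, viewer) in FRIENDS
    return False

def report_candidates_vulnerable(reporter, reported_photo_id):
    """Flawed: offers the owner's other photos without asking who is looking."""
    target = next(p for p in PHOTOS if p.photo_id == reported_photo_id)
    return [p.photo_id for p in PHOTOS
            if p.owner == target.owner and p.photo_id != target.photo_id]

def report_candidates_hardened(reporter, reported_photo_id):
    """Fixed: the report flow reuses the same check as the normal photo viewer."""
    target = next((p for p in PHOTOS if p.photo_id == reported_photo_id), None)
    if target is None or not can_view(reporter, target):
        return []  # a user cannot report a photo they cannot see
    return [p.photo_id for p in PHOTOS
            if p.owner == target.owner and p.photo_id != target.photo_id
            and can_view(reporter, p)]

def leaked_ids(reporter, reported_photo_id):
    """Regression check: IDs the flawed path returns that the reporter may not view."""
    by_id = {p.photo_id: p for p in PHOTOS}
    return [i for i in report_candidates_vulnerable(reporter, reported_photo_id)
            if not can_view(reporter, by_id[i])]
```

A check like `leaked_ids` run as a test against every endpoint that returns another user's content catches this class of bug before release.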