A flaw in the way Facebook asks members to report inappropriate images on the site allows others to access a member's photos regardless of their privacy settings, it has been revealed.
The flaw, which was first detailed in November on the Bodybuilding.com forum, resulted in 14 private photos of Facebook's CEO, Mark Zuckerberg, being posted online under the heading 'It's time to fix those security flaws Facebook'.
Users who report an image for "nudity or pornography" are then given the option of helping Facebook identify similar images and are presented with a gallery of thumbnails from the photos the reported user has posted online. By making a simple adjustment to the URL, it was also possible to enlarge the images.
Facebook admitted the bug existed but said it has now been disabled.
"We discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously. The bug was a result of one of our most recent code pushes and was live for a limited period of time. Not all content was accessible, rather a small number of one's photos," Facebook said in a statement.
"Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed. The privacy of our users' data is a top priority for us, and we invest lots of resources in protecting our site and the people who use it."
The flaw comes just a week after the social network admitted to making mistakes when it comes to privacy after it reached a settlement with the US Federal Trade Commission (FTC).