Facebook has this week (w/c 5th Dec) patched a vulnerability that allowed any user to view any other user’s private photos. Mark Zuckerberg’s Facebook account was compromised and a total of thirteen photos were downloaded and posted on a website called imgur.com.
Facebook responded very quickly after Zuck had his account compromised after a post in a discussion forum on bodybuilding, detailed a method for using a feature to report suspicious content to bypass privacy protections on other Facebook users’ accounts. The code flaw was actually created in a recent code push and Facebook confirmed that the flaw was only available for a “short period of time” before it was patched.
Safe surfing folks!