Report: Facebook security lapse exposes photos

Private Paris Hilton photos have been exposed as security flaws are found in the latest Facebook privacy update.

Share

Private Paris Hilton photos have been exposed as security flaws are found in the latest Facebook privacy update.

A breach in Facebook’s security allowed total strangers to view private and restricted photos posted on users’ profiles despite last week's unveiling of privacy upgrades, according to an Associated Press report Tuesday.

The AP verified the security lapse Monday after receiving a tip from Byron Ng, a Canadian computer technician who claimed to discover the lapse. Ng said he began looking for security weaknesses at the popular social network after last week's announcement that Facebook had developed new ways for members to limit access to content in their personal profiles.

A Facebook spokesman did not respond to a request for comment Tuesday; however, a spokeswoman had told the AP on Monday that the bug was fixed.

Ng was able to find private pictures of Paris Hilton, while the AP used a template provided to it by Ng to access private photos of Facebook co-founder and CEO Mark Zuckerburg.

Marshall Kirkpatrick, a blogger at ReadWriteWeb, wrote that his readers had found evidence that the photos were exposed to unauthorised users for months via a simple URL edit.

"[The lapse] appears to have been simply a technical inadequacy," Kirkpatrick wrote. "It's tempting to say that breaches like this are an obstacle to ongoing user adoption of online services. At the same time, how often are credit card numbers exposed? The convenience of online shopping mitigates the impact of those stories. The same may or may not be true with online social networking."

Nick O'Neill, a blogger at AllFacebook, said that as Facebook grows the company will be forced to upgrade privacy protections during each level of development.

"Then again, should Facebook hold the same standards for their photos team as they do for their credit card processing?" O'Neill added. "I would imagine that it ends up being a cost-benefit analysis which determines how much protection goes into each product."

This photo has been reproduced under the Creative Commons Attribution 2.0 License. This image was originally posted to Flickr by celebboy.

"Recommended For You"

Facebook data harvested by fake profile bots Online privacy - Facebook fires back at US password-snooping employers