Zuckerberg photo leak exposes Facebook privacy flaw

The recent Facebook flaw that led to the disclosure of founder Mark Zuckerberg's personal images could signal a larger issue regarding user privacy on the social networking site.

A group of users disclosed the flaw along with a number of images pulled from the locked photo gallery of Zuckerberg.

The company has since fixed the flaw, which allowed a third party to view a user's locked and private images while reporting a public image as objectionable or offensive. Facebook has noted that only a small portion of locked images were displayed by the flawed feature.

While the incident itself was limited in scope, the underlying cause of the problem could indicate lingering problems with Facebook's approach to security.

Andrew Brandt, director of threat research for Solera Networks Research Labs, told V3 that such issues should be addressed by developers during normal quality assurance (QA) testing. In this case, Brandt believes the company never thought to check the reporting tool for such a privacy disclosure situation.

"It would be smart of Facebook to hire some people that have a strong security-focused mindset to do QA of their tools," he explained.

"It is not a reflection on their ability to write good applications, it is a failure of the imagination of whoever tested this feature."

The incident is far from the first occasion in which Facebook's privacy protections have been called into question. The company has a long history of embarrassing breaches and user revolts over its inability to properly manage and protect the personal data of its customers.

Recently, the company agreed to a settlement with the FTC over multiple charges of mishandling user data.

The company's record of privacy problems only furthered discussion on the latest issue. Brandt believes the reaction to the flaw was driven by a combination of public sentiment towards the company and the high profile of the target.

"This was a very minor flaw that got drawn into the public eye because it was the president of a social networking company," he said.

"It was somebody lashing out against Facebook in a public way. They used pictures of Zuckerberg because they knew people would react in a dramatic way."

Brandt noted that, by nature, privacy protections can seem counter-intuitive in a social networking space designed to help users display and share information about themselves with others. He recommended that users take a cautious approach in their activity, assuming that any information posted to the service will at some point be made public.