Facebook Flaw Exposes Its CEO

A security vulnerability in Facebook's social-networking site exposed by some users sent the company scrambling for a fix after Chief Executive Mark Zuckerberg's private photos were published online.

In a Nov. 27 post on the Web forum Bodybuilding.com, an anonymous writer listed step-by-step instructions on how to access photos uploaded by other Facebook members, even if the images had been marked as private. The process involved a Facebook feature that lets users identify pornographic or inappropriate images on the site. The forum post showed that by flagging another user's profile, one Facebook member was able to gain access to the other's private images. A blogger reported on the security flaw, and used it to publish a photo from Zuckerberg's private collection. Others then used the flaw to publish further photos from Zuckerberg's collection, including images of the Facebook CEO preparing food in a kitchen and distributing candy to Halloween trick-or-treaters. It wasn't immediately clear how long the Facebook security flaw was available on the Web, or how many of the site's more than 800 million users were affected. But the company attributed the problem to a recent revision of its software.