Private photos of Mark Zuckerberg uploaded to his Facebook have leaked onto the public internet following the discovery of yet another security flaw, one of the many that have plagued the social networking website since its inception in February 2004.
The flaw, which Facebook has acknowledged, appears to have first been posted about on a body building forum along with step-by-step instructions on how to obtain access to the private photos of any Facebook user.
The forum post has since been deleted and upon discovering the security flaw, Facebook said it "immediately disabled the system" used to obtain private photos and would only "return functionality" once it had confirmed a fix.
The flaw "allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos", Facebook said in a statement, and was "the result of one of our recent code pushes".
It was was live for "a limited period of time", it added.
One of the photos extracted from Facebook founder Mark Zuckerberg's profile shows him holding a chicken upside down as if it were dead. Another shows him holding two plates, one with what looks to be battered chicken on it and the other, thinly-sliced potato chips.
If reports of Zuckerberg only eating meat he has killed are anything to go by, it's likely the chicken was slaughtered.
Other photos show him with "Beast", his fluffy white dog, and girlfriend Priscilla Chan at their home.
There's also photos of Zuckerberg with friends while eating and drinking, with US President Barack Obama and with children in costumes, likely taken during Halloween in the US.
Facebook has had a long history of access control vulnerabilities, especially around unauthorised access to photos, said Ty Miller, chief technology officer at the Australian security firm Pure Hacking.
In December 2009 a privacy overhaul of the social networking site saw almost 300 photos of Zuckerberg and his friends as well as his calendar and wall posts made public to even non-friends. Access privileges were revised to "friends of friends" following reports of the photo treasure trove in the blogosphere.
"Facebook users should expect variations of this type of security flaw to continue into the future," Miller said. "As a precaution Facebook users should ensure that they only upload content ... that won't negatively impact them if it is leaked."
He added that the social networking giant should ensure that penetration tests were performed on all updates to the site to ensure that vulnerabilities like the recent one were detected prior to being released to the public.
- The Age