When Facebook isn't intentionally destroying your privacy, it's doing so unintentionally. That even goes for Mark Zuckerberg: Two years ago, the Facebook CEO's once-private pictures were exposed to the world after the social network changed its privacy defaults. Now his once-private photos are again exposed to the world, this time thanks to a security flaw.
The Facebook vulnerability, first exposed on a body building forum, let an attacker see private images if the attacker clicked to report inappropriate profile photos from a target user. The attacker then had the opportunity to select additional inappropriate photos from the target, at which point the attacker was able to review at least some of the target's private pictures.
To prove the vulnerability, at least one Facebook user obtained private pictures from Zuckerberg's collection, which have been uploaded here (along with some old and public photos). The hack attack includes the first known image of Zuckerberg with one of the animals he personally slaughters, the chicken above in the upper left, which was apparently turned into fried wings, served with french fries lower left.
Facebook admitted the flaw (see update here), and blamed it on a "recent code push." Prior code pushes let friends spy on each others' chats, misdirected private messages to strangers, and exposed private email addresses.
It's about time Zuckerberg was affected by his company's sloppy handling of user data. He should be personally impacted every time Facebook fumbles on privacy. By law!