A major security flaw in the way Facebook handles private photos has been unearthed by a hacker, who then posted Mark Zuckerberg's private photos online.
The flaw has since been patched by Facebook, but until Wednesday users were able to view anyone's private photos simply by reporting their public photos as offensive or containing nudity.
It is believed that Facebook made a user's other photos available in the reporting flow so that more photos could be reported, even if they were marked as private.
A Facebook spokesperson told technology site Gizmodo: "Earlier today [December 6], we discovered a bug in one of our reporting flows that allows people to report multiple instances of inappropriate content simultaneously. The bug allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy setting for these photos."
The statement claims that the error was only live for a "limited period of time" and that "upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed."
While the bug has been fixed, this episode highlights that Facebook is struggling to keep on top of security and privacy, and it's always worth remembering that private photos uploaded to a social network should never be assumed entirely private.