Facebook photo exploit allows you to view any albums of non-friends

Facebook holds so much personal information that any exploit, no matter how small, can become a huge security risk. A new exploit has surfaced that allows anyone to access any photo album of non-friends as long as they have the link.

A user on Reddit has posted the above image and Neowin has verified that it does indeed work. By following the simple steps, you can bypass the security of Facebook and view photos of others online. The exploit comes hot on the heels of Facebook increasing its security by using https.

The above exploit is just the latest attempt to bypass the popular social networking site's security. Facebook has come under fire in the past for its questionable security practices because of the amount of information the website contains.

Facebook is a great tool for staying connected to friends and family, but because of the information on the site, it is also a great tool for identity thieves. You should always be aware that any information you place online can be viewed by anyone who has the determination to find it; it's only a matter of time.

52 Comments


Another Facebook exploit. Find someone who has their account locked to friends only or some such thing but has their friends list still open. Click on each of the friends until you find someone who has their wall open and view their wall. If that friend has posted a reply to the locked person's status update it will show. Simply click on the link supplied and you get to see the locked person's status post as well as all the replies to that status.
It's a bit of a hit and miss affair and you have to be a serious stalker to try and find people who have their walls open and replied to the locked person's status, but it works. You can see the locked person's status post and all replies to it.

This exploit is nothing new....

What will exploit the album to non friends is if one of YOUR friends tags someone's album or comments on a picture that is a friend of theirs but not yours....once that picture is tagged or commented on...there were tabs above the picture where you could simply just go into their album and look at all their pictures...

That exploit has been around for over a year that I know of.

Andrew Bosworth, Director of Engineering at Facebook, the guy that has his photo's link posted on Reddit, just said that his page and those photos of Katy Perry are public and Facebook Photos are not breached at all. There is no security hole and that article is incorrect, it exposes already public photos.

Here is the conversation with Andrew Bosworth
http://i784.photobucket.com/albums/yy123/chrstb2466/a1.jpg

So typical of Facebook, just wondering out loud here....Does Facebook have an in-house security team? I mean seriously it's like friggin Microsoft before the trustworthy computing initiative began (read patch Tuesdays). Come on Mark, I'm paying your company top dollar....oh no..wait..no...wrong site..Facebook is free, I forgot.

I tried to test this but EVERYONE I know has their pictures set with no security. I guess people really don't care about privacy!!

aftas said,

Doesn't work on profile pictures.

It's not just profile pictures. I've gone around and checked from other albums, etc. Same thing everywhere. It depends on whether your account has been upgraded or not.

DarkSim905 said,
Why is this news? We take stuff from 4chan now? :\

Agreed. Too bad from Neowin ..

BTW, who cares actually ? ohh the 500m users ..

get a life

I think the assumption here is that all information given out on fb is not sensitive, so they don't even bother to secure this information. It's not the online banking site, people. Wake up

koo9 said,
I think the assumption here is that all information given out on fb is not sensitive, so they don't even bother to secure this information. It's not the online banking site, people. Wake up
But with this information that people post on Facebook, getting into your bank account is made a lot simpler. People post employment history, education school history, emails, phone numbers, family memories, personal details, IM screen names, favorite shows/activities etc. With such information, getting into one's more "secure/financial" serious websites is made super easy. Stop being ignorant and .. wake up.

Never upload "this shouldn't non-friends see" pics to such sites...

Mh... oh well, then again....
*keeps an open eye on torrent sites, running searches like "facebook hacked xxx"... j/k *

GS:win

3 facebook news reports in a row, with 5 being on the frontpage as of now. WHAT is coming to this world?
Why don't we find a cure for cancer instead of social networking.

superconductive said,
3 facebook news reports in a row, with 5 being on the frontpage as of now. WHAT is coming to this world?
Why don't we find a cure for cancer instead of social networking.

Well, that's doctors' matter. We are more computer guys, I guess.

This is old and anything posted in like, the last two years, shouldn't really work anymore.

There are similar things posted on 4chan daily, though. The only real way to block it is to hard check the users' logins and permissions on every image view (which would prevent linking of images to those who don't have FB).

ascendant123 said,
This is old and anything posted in like, the last two years, shouldn't really work anymore.

There are similar things posted on 4chan daily, though. The only real way to block it is to hard check the users' logins and permissions on every image view (which would prevent linking of images to those who don't have FB).


Still works here.

Still works here too...thus the reason it's posted. Hopefully it will shine a light on a problem that Facebook is too lazy to fix.

Another day, another exploit. Not surprised.

Oh well, at least I'm one of the only people left that still have hardbound photo albums.

Doesn't work with the new picture viewer, was just testing it and the "n" now comes at the end of the picture, or maybe I'm just missing something. So it seems to be fixed at least

KyleGM said,
Doesn't work with the new picture viewer, was just testing it and the "n" now comes at the end of the picture, or maybe I'm just missing something. So it seems to be fixed at least

I don't have the new picture viewer yet - doesn't work on profile pictures tho

aftas said,

Ah that explains that

It's probably the new profiles? I've switched to the new one and I'm having the same thing happen. It doesn't matter whether it's a profile picture or not, the n comes after and use a newer viewer.

laz45 said,
this is old.

Agreed, this is about as old as Facebook itself.

I saved that same picture about a year ago from 4chan - ahhh, love those info threads

laz45 said,
this is old.

+1, I remember seeing it ages ago.

If they are going to allow access to pictures without authentication, the least they could do is use non-meaningful numbers in the path/filename - GUIDs come to mind.
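
Added example (not from the article, Facebook, or any commenter): a minimal Python sketch of the two mitigations raised in the comments above, a login and permission check on every image view and random, non-meaningful photo identifiers. All names (Album, view_photo, the sample users) are hypothetical and the data is constructed.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Album:
    owner: str
    visibility: str                             # "public" or "friends"
    photos: dict = field(default_factory=dict)  # opaque photo id -> image bytes

FRIENDS = {frozenset(("alice", "bob"))}  # constructed sample friendships
ALBUMS = {}                              # album id -> Album
PHOTO_INDEX = {}                         # photo id -> album id

def add_photo(album_id, data):
    # Random 128-bit id: owner, album and upload order do not appear in the URL.
    photo_id = secrets.token_urlsafe(16)
    ALBUMS[album_id].photos[photo_id] = data
    PHOTO_INDEX[photo_id] = album_id
    return photo_id

def can_view(viewer, album):
    if album.visibility == "public":
        return True                      # public albums stay viewable by link
    if viewer is None:
        return False                     # not logged in
    return viewer == album.owner or frozenset((viewer, album.owner)) in FRIENDS

def view_photo(viewer, photo_id):
    """Return (status, body); the permission check runs on every request."""
    album_id = PHOTO_INDEX.get(photo_id)
    if album_id is None or not can_view(viewer, ALBUMS[album_id]):
        return 404, b""                  # same answer either way, so ids cannot be probed
    return 200, ALBUMS[album_id].photos[photo_id]

def demo():
    ALBUMS["a1"] = Album("alice", "friends")
    ALBUMS["a2"] = Album("alice", "public")
    private_id = add_photo("a1", b"private-bytes")
    public_id = add_photo("a2", b"public-bytes")
    return {
        "friend": view_photo("bob", private_id)[0],
        "stranger_with_link": view_photo("mallory", private_id)[0],
        "anonymous_with_link": view_photo(None, private_id)[0],
        "anonymous_public": view_photo(None, public_id)[0],
    }

if __name__ == "__main__":
    print(demo())
```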

This is sad. We're talking about one of the biggest repositories of personal information known to mankind and this is the kind of security we get?

lol, just lol. I think it's fair to say that today probably wasn't a usual day at the office at Facebook.

Tom said,
lol, just lol. I think it's fair to say that today probably wasn't a usual day at the office at Facebook.

But they have https!!

Northgrove said,

But they have https!!

Maybe they should actually increase the security instead of just adding https which very few people will use.