The privacy flaw has reportedly been detailed online for several weeks, on websites instructing users on the steps they can take to circumvent the site’s security measures.
In order to evade the security checks, users were able to report public profile pictures as ‘nudity or pornography’, and then to request to report more photos of the same user. The other photos are then displayed in a small format, whether or not the person viewing them would normally have access.
Observers writing on the Hacker News site noted that the issue raised further questions on Facebook’s security.
“If that doesn’t prove that [Facebook's] developers aren’t thinking about security, I don’t know what would,” wrote one.
Facebook insisted the issue was only possible for a short period of time after a coding change.
“The bug was a result of one of our most recent code pushes and was live for a limited period of time,” a spokesperson said. “Not all content was accessible, rather a small number of one’s photos.
The system allowing the flaw has now been changed.