I don’t envy the folks over at Facebook. With more than 1,000 employees, it’s definitely a large company, but when you consider that Facebook now has over 350 million users worldwide, it’s a wonder the site runs as efficiently as it does. Of course, it doesn’t work correctly all the time, as revealed by a recent loophole that allows private pictures to be viewed through a public URL.

When a Facebook user uploads an image to their profile, they have the option of using privacy controls to set the picture for viewing by “Only Me” (meaning that the user should be the only one to see the picture). However, as revealed by security company F-Secure, if you set your image to “Only Me” and then click on it from your Facebook Wall (where it will have appeared in your News Feed) the image will open in a new window with a URL at the bottom for public sharing.

Check out the pictures below to see what F-Secure is talking about.

-

-

-

The Security Watch Blog at PCMag.com also verified that the public link will appear if you follow F-Secure’s instructions for posting.

From Facebook’s perspective, I can see why this would not be perceived as an issue. The image is only accessible by the user, per the “Only Me” settings, and it is up to them to then choose to send the public link. However, I think that the public link option itself is the problem. If Facebook pictures that are meant to be kept private are assigned a public URL for sharing, couldn’t a hacker or a rogue Facebook employee grab them and share them against a user’s wishes? Furthermore, what if a bug or glitch in the system opened up these public URLs?

Users must understand that even if they use the highest level privacy settings, there is always a chance that what they post online will be seen by someone other than its intended audience. You should always keep this in the back of your mind before you share anything on the web.