A bug at Flickr caused some people to have their private photos opened to public view over the past three weeks. Flickr said the bug only impacted a small number of users and only photos uploaded from April to December 2012.
Flickr Quietly Tells Users
Flickr made no post about this on its blog. Instead, yesterday, as one of the impacted users, Flickr sent me an email to politely let me know that hundreds of my private photos were opened to the public for a 20-day period recently. The email said Flickr had:
Identified a software bug that may have changed the view setting on some of your photos from non-public (i.e., private or viewable only by family and friends) to public.
The email said private content was made visible to the public between January 18th and February 7th, 2013. The images that were affected were those uploaded between the dates of April and December of 2012, an 8-month time period, the email explained.
For me, that means almost 700 of very private family pictures and videos I specifically chose not to share were available to the public.
Photos Not In Search, Only Viewable With Direct Link
Flickr was unable to tell me if anyone actually did see my private photos, when I asked.
The email did say that the only way someone could view these photos would have been if they had “direct links to a photo’s page.” The photos were not “in Flickr search during that time, nor were they indexed by search engines,” the email said.
I emailed with follow-up questions all last night, and Flickr’s support responded typically within 30 minutes of each email. So, I feel Flickr is taking this seriously.
Were Your Photos Exposed?
How do you know if the bug hit your account? Two ways:
First, you should have received an email from Brett Wayn, vice president of Flickr with the subject line “An important message about your Flickr account.”
Here is the full email I received from Flickr:
Another way would be that images that you may have embedded on third-party websites with some privacy settings would have been reset to private and those images would be displayed on the third-party website as a broken image. Flickr said:
When we discovered the bug, we took the added precaution of setting any potentially impacted photos in your account to “private.” When a photo is set to “private,” links and embeds on other websites will no longer work. This means you may have photos you intended to share with others that you may need to adjust the settings on.
There is a group of users complaining about this on Flickr help forums.
There’s also a test you can try to reassure you weren’t hit. If you’re signed-in to Flickr, click on this help link that was sent out in the email. You should get a message like this, if all’s fine:
As someone who was affected by this, not knowing if anyone saw my photos or not is incredibly disconcerting. Will this influence me to leave Flickr? Probably not at this point. Flickr did say that they “put in place a number of additional measures to prevent this from happening again.”
Postscript: Yahoo contacted us to say that the percentage of people impacted was small, though it wouldn’t provide the actual figure, and added that since it was so small, the company’s priority was on directly contacting those impacted.