Flickr Privacy Bug Set Some Private Photos To Public

flickr-logo-smallA bug at Flickr caused some people to have their private photos opened to public view over the past three weeks. Flickr said the bug only impacted a small number of users and only photos uploaded from April to December 2012.

Flickr Quietly Tells Users

Flickr made no post about this on its blog. Instead, yesterday, as one of the impacted users, Flickr sent me an email to politely let me know that hundreds of my private photos were opened to the public for a 20-day period recently. The email said Flickr had:

Identified a software bug that may have changed the view setting on some of your photos from non-public (i.e., private or viewable only by family and friends) to public.

The email said private content was made visible to the public between January 18th and February 7th, 2013. The images that were affected were those uploaded between the dates of April and December of 2012, an 8-month time period, the email explained.

For me, that means almost 700 of very private family pictures and videos I specifically chose not to share were available to the public.

Photos Not In Search, Only Viewable With Direct Link

Flickr was unable to tell me if anyone actually did see my private photos, when I asked.

The email did say that the only way someone could view these photos would have been if they had “direct links to a photo’s page.” The photos were not “in Flickr search during that time, nor were they indexed by search engines,” the email said.

I emailed with follow-up questions all last night, and Flickr’s support responded typically within 30 minutes of each email. So, I feel Flickr is taking this seriously.

Were Your Photos Exposed?

How do you know if the bug hit your account? Two ways:

First, you should have received an email from Brett Wayn, vice president of Flickr with the subject line “An important message about your Flickr account.”

Here is the full email I received from Flickr:

flickr-privacy-breach

Another way would be that images that you may have embedded on third-party websites with some privacy settings would have been reset to private and those images would be displayed on the third-party website as a broken image. Flickr said:

When we discovered the bug, we took the added precaution of setting any potentially impacted photos in your account to “private.” When a photo is set to “private,” links and embeds on other websites will no longer work. This means you may have photos you intended to share with others that you may need to adjust the settings on.

There is a group of users complaining about this on Flickr help forums.

There’s also a test you can try to reassure you weren’t hit. If you’re signed-in to Flickr, click on this help link that was sent out in the email. You should get a message like this, if all’s fine:

Help | Flickr

As someone who was affected by this, not knowing if anyone saw my photos or not is incredibly disconcerting. Will this influence me to leave Flickr? Probably not at this point. Flickr did say that they “put in place a number of additional measures to prevent this from happening again.”

Postscript: Yahoo contacted us to say that the percentage of people impacted was small, though it wouldn’t provide the actual figure, and added that since it was so small, the company’s priority was on directly contacting those impacted.

Related Topics: Channel: Social Media Marketing | Legal: Privacy | Top News | Yahoo: Flickr

Sponsored


About The Author: is Search Engine Land's News Editor and owns RustyBrick, a NY based web consulting firm. He also runs Search Engine Roundtable, a popular search blog on very advanced SEM topics. Barry's personal blog is named Cartoon Barry and he can be followed on Twitter here. For more background information on Barry, see his full bio over here.

Connect with the author via: Email | Twitter | Google+ | LinkedIn



Marketing Day:

Get the top marketing stories daily!  

Share

Other ways to share:
 

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. You can read more about our comments policy here.
  • keaner

    “Yahoo contacted us to say that the percentage of people impacted was
    small, though it wouldn’t provide the actual figure, and added that
    since it was so small, the company’s priority was on directly contacting
    those impacted.”

    Yeah right , that’s a nice way to say we don’t want the media to find out we cant control our own privacy settings. So hopefully by only telling users it will be missed and people wont realize what a joke privacy is on flickr.

  • daposter

    they learned from Facebook, where, oops, all of a sudden there is a new ‘feature’ and, by the way “you need to re-set all your privacy preferences”: oh, just by coincidence everything was open.
    So until I got around to that because someone told me to log in and check, all bots who wait for new things to access, had certainly grabbed what they could.

    I left facebook for these ‘oopses’ and for other things like their marginalization algorithms (I don’t play online games and don’t agree to have posted on my bahalf and don’t agree to give my and all my friends’ info to apps: so I am not ‘product’ but just free user – got nothing, no updates, saw only two pages of stuff happening).

    So should you: this ‘oops, sorry, ‘ opening opens everything for all them bots and marketing clients who wait to grab what they can.

    It is not by accident. Legal rules about how to run data centers do prevent that.

  • http://thomashawk.com/ Thomas Hawk

    This is not a big deal. It apparently affected a very small number of accounts. This is one of those things that sounds a lot worse than it probably was. It is a good reminder though that almost anything you upload to the web is potentially at risk for public exposure regardless of any settings. Someone could hack into your account, a friend/family that you *did* give access to could reshare that image or download it — lots of things could happen.

    It is admirable and notable that Flickr GM and VP Brett Wayn personally issued a message under his own signature to the accounts affected. This sort of message could have easily been covered under a more generic “to whom it may concern” sort of response.

    While this sort of thing makes salacious headline material, to me it’s really not that big of deal. The bigger story is that Flickr is in the midst of an amazing renaissance rebuilding itself as a serious photo contender on the web. The recent iPhone app, the new justified mosaic layout, the staffing up and hiring of designers and engineers — the future feels bright for Flickr for the first time in many years. Marissa Mayer may be the first Yahoo CEO ever to publicly have a Flickr account.

    These are the things that I think are more important and what people should be focused on.

Get Our News, Everywhere!

Daily Email:

Follow Marketing Land on Twitter @marketingland Like Marketing Land on Facebook Follow Marketing Land on Google+ Subscribe to Our Feed! Join our LinkedIn Group Check out our Tumblr! See us on Pinterest

 
 

Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States

Europe

Australia & China

Learn more about: SMX | MarTech


Free Daily Marketing News!

Marketing Day is a once-per-day newsletter update - sign up below and get the news delivered to you!