Flickr accidentally made some private photos public for 20 days (update: Yahoo responds)

An unknown number of users at Yahoo's photo-sharing site had their photos revealed to the world

38

Well, this is no way to celebrate Flickr's ninth birthday. The Yahoo-owned photo-sharing site is quietly dealing with the fallout from a bug that caused the settings on an unknown number of private photos to become publicly visible between January 18 and February 7. The photos were not included in Flickr's search engine or outside search engines, Flickr told users, but they would have been visible to a viewer who was browsing an affected photographer's stream.

"Only a small number of Flickr users were impacted, and we are in the process of directly contacting those individuals," Flickr vice president Barry Wayn told users in a help forum thread. "This is not a widespread nor an ongoing issue — the software bug has been identified and fixed."

"I had a few naughty photos and they are for friends only."

The breach may have affected only a small percentage of users, but it's a blow to Flickr's credibility considering the company reassures users that "your photos are safe with us," and "member privacy is very important to us at Flickr." And yes, some X-rated photos were temporarily made public. "I had a few naughty photos and they are for friends only," wrote user kathynails1.

"Flickr has a pretty significant but very carefully hidden huge amateur porn community — just search for 'milf' with safe search off for all photos," photographer and outspoken Flickr critic Thomas Hawk said in an email. "I'd imagine these would be the people most likely affected in a serious way by this."

Other users who noticed the bug last week reported that they tried to set their suddenly-public photos back to private, but the settings kept reverting to public.

Some users, especially those paying for a Flickr Pro account, were upset enough to threaten defection. "Thanks for alerting me to the problem that private photos might get public," one paid user wrote in the forums. I immediately deleted my private photos — but I wonder if they are really gone or if they turn up again at some point. I consider deleting my whole account [sic]."

Flickr set "any potentially impacted photos" to private, in an attempt to make things right. However, this has caused additional problems for affected users, who found that their intentionally public photos were now private. Some users reported that they now have to comb through hundreds of photos and manually set them back to public. Setting a photo to private also apparently wipes the description and breaks the code anywhere else the photo is embedded on the web.

Flickr overcorrected by setting public photos to private, which created additional problems

"it has utterly decimated my food blogging site which is a huge source of revenue for me," paid user MommyNamedApril wrote in the forum. "Not only do I have to go back and change all the permissions, BUT changing the permissions changes the code, which means I have to go through each post and re-apply all my pictures. This is HUNDREDS of pictures. I am utterly disgusted and shaking I am so angry."

Update: A Yahoo spokesperson says the breach was "very, very small," which is why the company is contacting users directly rather than posting an announcement on the company blog. She declined to give a specific number. "We're deeply sorry this happened and that we're working with affected users directly to fix the issue," she said. The bug was caused during "routine maintenance," she added, and Flickr users should have every expectation that Flickr will keep their private photos private.


Back to top ^
X
Log In Sign Up

forgot?
Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.
Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_5345_tracker