Well, this is no way to celebrate Flickr's ninth birthday. The Yahoo-owned photo-sharing site is quietly dealing with the fallout from a bug that caused the settings on an unknown number of private photos to become publicly visible between January 18 and February 7. The photos were not included in Flickr's search engine or outside search engines, Flickr told users, but they would have been visible to a viewer who was browsing an affected photographer's stream.

"Only a small number of Flickr users were impacted, and we are in the process of directly contacting those individuals," Flickr vice president Barry Wayn told users in a help forum thread. "This is not a widespread nor an ongoing issue — the software bug has been identified and fixed."

"I had a few naughty photos and they are for friends only."

The breach may have affected only a small percentage of users, but it's a blow to Flickr's credibility considering the company reassures users that "your photos are safe with us," and "member privacy is very important to us at Flickr." And yes, some X-rated photos were temporarily made public. "I had a few naughty photos and they are for friends only," wrote user kathynails1.

"Flickr has a pretty significant but very carefully hidden huge amateur porn community — just search for 'milf' with safe search off for all photos," photographer and outspoken Flickr critic Thomas Hawk said in an email. "I'd imagine these would be the people most likely affected in a serious way by this."

Other users who noticed the bug last week reported that they tried to set their suddenly-public photos back to private, but the settings kept reverting to public.

Some users, especially those paying for a Flickr Pro account, were upset enough to threaten defection. "Thanks for alerting me to the problem that private photos might get public," one paid user wrote in the forums. I immediately deleted my private photos — but I wonder if they are really gone or if they turn up again at some point. I consider deleting my whole account [sic]."

Flickr set "any potentially impacted photos" to private, in an attempt to make things right. However, this has caused additional problems for affected users, who found that their intentionally public photos were now private. Some users reported that they now have to comb through hundreds of photos and manually set them back to public. Setting a photo to private also apparently wipes the description and breaks the code anywhere else the photo is embedded on the web.

Flickr overcorrected by setting public photos to private, which created additional problems

"it has utterly decimated my food blogging site which is a huge source of revenue for me," paid user MommyNamedApril wrote in the forum. "Not only do I have to go back and change all the permissions, BUT changing the permissions changes the code, which means I have to go through each post and re-apply all my pictures. This is HUNDREDS of pictures. I am utterly disgusted and shaking I am so angry."

Update: A Yahoo spokesperson says the breach was "very, very small," which is why the company is contacting users directly rather than posting an announcement on the company blog. She declined to give a specific number. "We're deeply sorry this happened and that we're working with affected users directly to fix the issue," she said. The bug was caused during "routine maintenance," she added, and Flickr users should have every expectation that Flickr will keep their private photos private.



