Facebook confirmed the bug Friday, after notifying affected users of the issue.
Andrew Jones was one of the victims. He thought that his Facebook account had been hijacked Sunday after a friend pointed out a spam message on his wall. He quickly changed his password, but worried that some of his other e-mail accounts might have been taken over too. "No other signs of compromise were visible, and I concluded the most likely scenario was a public computer I had used recently had some type of malware on it," he told the IDG News Service via e-mail.
Turns out that the problem was all Facebook's.
"Earlier this week, we discovered a bug in the code that processes photos as they're uploaded. This bug caused us not to make the correct checks when determining whether a photo should be posted to a person's profile," Facebook said Friday in an e-mailed statement. "We quickly worked to resolve the issue and fixed it shortly after discovering it. For a short period of time before it was fixed, a single spammer was able to post photos to people's profiles that they hadn't approved."
Most of the messages promised "Free iPhones," a common spam message on Facebook these days. generally take users to websites where they are instructed to fill out marketing surveys or sign up for product subscriptions. Victims have reported having their phone numbers inundated with calls after filling out these surveys.