The social networking site has repeatedly come under attack for its constantly changing privacy and security features that at times made private information, including photos and comments, publicly available.
The security flaw, first exposed by a bodybuilding website, was discovered yesterday by Facebook which went into damage control mode after the glitch made it possible to access its founder Zuckerberg's private photos with his girlfriend and friends.
Over two dozen photos of Zuckerberg were visible online, including those with his girlfriend Priscilla Chan at his California home, one with President Obama at the White House, some showing him cooking meals, hanging out with friends, playing with his puppy and distributing Halloween candy to kids.
In a statement, Facebook said it had discovered a "bug" that allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos.
"This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed."
The bug was in the site's tool through which users can report inappropriate and offensive content. A user at the website 'Bodybuilding.com' clicked on a person's profile picture, then reported to Facebook that it contained nudity or was of inappropriate nature.
Facebook, with more than 800 million users worldwide, is expected to go public next year, a move that will value the company the college dropout founded in his Harvard dorm at 100 billion dollars.
However, as Facebook's popularity skyrocketed, it took some backlash for making users' information accessible to marketing companies and advertisers.
Last month, Facebook reached a settlement with the US Federal Trade Commission, which had charged that the company "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public."
The settlement states that Facebook is required "to establish and maintain a comprehensive privacy programme.