Facebook recently launched an app that allows users to write New Year’s Eve messages ahead of time, avoiding network congestion issues when the clock strikes midnight and millions of Facebook users take to the social network to wish everyone a Happy New Year! Unfortunately a security flaw in that app allowed users to view those messages without permission and before midnight.
The Midnight Deliveries app flaw was discovered by IT student Jack Jenkins and it specifically relates to publicly-viewable URLs.
By editing characters at the end of a message’s URL viewers can see the message, along with mentioned individuals and photographs, of another user.
While those edited URLs did not display who wrote the original message, it did allow users to delete the message in its entirety without permission from the posting party.
For a short period of time Facebook closed down the app, only to open it with a quick fix a short time later.
Facebook is no stranger to security flaws that expose a users private information, in October a security firm created a data mining tool that collected phone numbers of users that were stored on the network. Most recently Randi Zuckerberg, sister to Facebook CEO and Founder Mark Zuckerberg, complained about privacy issues on Facebook after a family photo was leaked online.