Earlier today, social networking giant Facebook was caught with its pants down when blogger Jack Jenkins noticed a privacy flaw with its New Year ‘Midnight Delivery’ messaging service. To its credit, Facebook was quick to acknowledge the security snafu and promptly took the service offline.
The Midnight Delivery service basically enables its 1 billion+ users to wish friends a happy 2013 with a private message that will be delivered to their Facebook inbox at midnight on December 31.
For the record: midnight has already passed in some parts of the world at the time of publication, including New Zealand.
The private messages, however, had rather public confirmation pages, making them available to anyone who had the URL syntax. You couldn’t see who sent the messages, but you could see all the intended recipients, and the message itself, if you tweaked the URL the right way.
You could also see personal images that were added to messages, and worse, you could actually delete messages from the server.
The embarrassing bug has now been fixed, so you can head on over to Facebook Stories to schedule your private messages for midnight again.
This isn’t the first time that Facebook has had issues with personal messages being displayed to the public. As TNW’s Emil Protalinski reported in September, users claimed to see private messages in their Timelines.
It wasn’t a widespread issue with Facebook saying that they were old Wall posts, but readers told us otherwise.
Not only that, but in November, the social network was plagued by a security hole that allowed anyone to see the email addresses corresponding to certain Facebook accounts.
It was discovered through a Google search and may have provided a direct link to apparently 1.35 million accounts.
Just this month, Facebook has launched updated privacy settings to help users feel better about how their content is being shared.
Top image credit: JUAN MABROMATA for AFP / Getty Images