This article was published on December 31, 2012

Just in time: Facebook restores New Year’s messaging service after plugging privacy loophole


Just in time: Facebook restores New Year’s messaging service after plugging privacy loophole

Earlier today, social networking giant Facebook was caught with its pants down when blogger Jack Jenkins noticed a privacy flaw with its New Year ‘Midnight Delivery’ messaging service. To its credit, Facebook was quick to acknowledge the security snafu and promptly took the service offline.

The Midnight Delivery service basically enables its 1 billion+ users to wish friends a happy 2013 with a private message that will be delivered to their Facebook inbox at midnight on December 31.

For the record: midnight has already passed in some parts of the world at the time of publication, including New Zealand.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The private messages, however, had rather public confirmation pages, making them available to anyone who had the URL syntax. You couldn’t see who sent the messages, but you could see all the intended recipients, and the message itself, if you tweaked the URL the right way.

You could also see personal images that were added to messages, and worse, you could actually delete messages from the server.

The embarrassing bug has now been fixed, so you can head on over to Facebook Stories to schedule your private messages for midnight again.

This isn’t the first time that Facebook has had issues with personal messages being displayed to the public. As TNW’s Emil Protalinski reported in September, users claimed to see private messages in their Timelines.

It wasn’t a widespread issue with Facebook saying that they were old Wall posts, but readers told us otherwise.

Not only that, but in November, the social network was plagued by a security hole that allowed anyone to see the email addresses corresponding to certain Facebook accounts.

It was discovered through a Google search and may have provided a direct link to apparently 1.35 million accounts.

Just this month, Facebook has launched updated privacy settings to help users feel better about how their content is being shared.

Top image credit: JUAN MABROMATA for AFP / Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top