Facebook, in all its wisdom, decided to release a new service which allows users to do this very thing, only on an automated level.
Called “Midnight Delivery,” Facebook’s Stories site allows users to wish one another well without actually having to be coherent at the stroke of midnight 2013 to do so.
The service was found to be flawed early on but has since been fixed, as confirmed by The Next Web.
The way it’s supposed to work is simple: Users create a message and choose who they want to send it to. When the clock hits midnight, the message will land in the recipients inbox, easy as you please.
Yet, one blogger discovered that the new service had one fatal flaw: The messages could be seen by anyone willing enough to fudge the URL a bit.
According to Jack Jenkins, anyone could manipulate the ID number at the end of a very basic URL.
“For example, I made this test one which you should be able to see saying “TEST TEST TEST TEST” wrote Jenkins.
“If you manipulate the ID, you can view other people’s messages, just change the ID number up or down a few,” he continued.
Jenkins read some of these messages, saying he found a few with pictures and private messages in them. Jenkins also noted that his profile picture showed up as “sender” of the message, noting that he couldn’t see who had actually sent the message.
According to The Next Web, Facebook took the Stories site offline last night in order to “make some updates.” When users visited the site, they were greeted with a message which read: “This site is currently undergoing some maintenance.”
Later in the evening, a spokesperson for Facebook confirmed the issue, saying in a statement: “We are working on a fix for this issue now, and in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed.”
As of bright and early this morning the security flaw had been fixed and the social network restored access to the site, allowing users to create their special holiday messages once more.
It’s a good move on Facebook’s part to have fixed this error so quickly.
After all, as many sites had mentioned, while allowing public access to private messages is always a terrible thing, it could have been worse for those sharing “extra special” messages to one another to ring in the New Year.
As we approach a brand new year, let us look on the bright side of Facebook’s most recent and likely most short-lived privacy scandal.
The social giant has taught us all a valuable lesson: Never assume that anything online will ever be private.
Keeping this in mind, perhaps it’s not too late to make a last-minute amendment to the old New Year’s Resolution list? Perhaps something along the lines of “No Nudes in 2013?”
Source: redOrbit.com – Your Universe Online
Facebook’s “Midnight Delivery” New Year Service Flaw Fixed