Facebook New Year's App Exposes Users Private Messages
Last week, in preparation for New Year's Eve, social network Facebook launched a new feature that enabled users to send scheduled messages to their friends at the stroke of midnight on January 1. Unfortunately, it seems the new application wasn't quite as air tight as Facebook thought as British IT student Jack Jenkins discovered a pretty serious flaw with the system on New Year's Eve.
According to Jenkins' personal blog, he was able to see messages other Facebook users were sending via the service just by manipulating the ID in the URL. While you'll most likely see messages of people you don't know, the fact that your personal messages may be seen by a complete stranger is likely to make folks uneasy, especially if the messages they sent went beyond the usual New Year's salutations. What's more, Jenkins was able to successfully delete messages that had been sent by other users, which means some folks may have sent scheduled messages that never arrived.
Facebook took the service down once the flaw was made public and, with New Year's over and done with, the service is gone for good. However, Facebook did manage to get it fixed and back up in time for people to send messages, according to the Verge.