Hot off the back of its Instagram gaff, Facebook has suffered another blow to its reputation, as its Midnight Message Delivery app, that was designed to allow people to leave messages for loved ones that would be sent automatically as the New Year rolled around, had a gaping hole in its security.
Discovered by Welsh student Jack Jenkins – who promptly informed Facebook of the vulnerability – the bug allowed him to view messages and photos left by other people, simply by changing the URL in the address bar. While he did add the caveat that he wasn’t able to see much personal information, the name of the recipient was easily available.
Discussing it on his website, Jenkins noted that one of the most worrying parts of the bug was that it allowed user’s to delete messages left by other people.
Several hours later the service, which had to be accessed through Facebook Stories, seemed to be down, prompting Jenkins to assume that the social network’s team was working on the issue. Several hours later it was fixed and ready to roll for midnight.
You have to wonder how many people exploited this before it was caught.
KitGuru Says: So if you were expecting a message via this service from someone that never arrived, don’t assume they were being rude just yet.