It seems that Facebook has finally fixed a bug in their New Year Message service app. The service allowed people to send messages to their friends on the stroke of midnight but due to the bug other people could access private messages.
The bug which was was discovered by Jack Jenkins, a Aberystwyth University student, who posted about it on his blog, allowed other people to view private messages.
His blog post read: Facebook however have not been very security consious when setting this up. By simple manipulation of the ID at the end of the URL of a sent message on the FacebookStories site, you are able to view other peoples Happy New Year messages. At least I was when I edited the ID for myself.
Facebook had launched the service last week, called the Midnight Message Delivery feature to allow users to send New Year’s messages to friends that would automatically arrive on the stroke of midnight.
As Jenkins pointed out that by tweaking the id in the URL, users could see other people’s message. Facebook later confirmed this flaw and temporarily disabled the service.
TheVerge, quoted a Facebook spokesperson as saying, “We are working on a fix for this issue now, and in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed.”
It seems that Facebook has fixed this error later. Jenkins later updated that : I have just checked, the bug / oversight has now been fixed. You can no longer access other people’s messages, by changing the confirmation message ID.