Midnight Message Delivery app suspended after a student was able to read private messages meant for other users.
Facebook has temporarily disabled its New Year’s Eve messaging tool after a university student was able to read and delete private messages intended for other users.
Jack Jenkins, a business IT student at Aberystwyth university, alerted Facebook to the privacy flaw after finding that a small tweak to a web address allowed him to view messages and photos sent by strangers using the new tool.
Jenkins wrote on his blog how he was shocked when he was able to view a personal New Year’s message and private family photo sent by a stranger to another named Facebook user.
He wrote: “I just wanted to share this. I don’t know how a site like Facebook can continue to take these kinds of risks. PLEASE Don’t go deleting random messages, but try and delete one of mine that I set up especially if you want.”
Facebook immediately disabled the feature after Jenkins published his blogpost.
It is understood that no messages sent on the Facebook website itself were viewable as the Midnight Message Delivery app existed on a separate Facebook Stories site.
A Facebook spokesman said: “We are working on a fix for this issue now, and in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed.”
The picture – of Randi Zuckerberg’s family’s reaction to Facebook’s new Poke app – popped up in the news feed of Callie Schweitzer of Vox Media who assumed it was public and reposted it on Twitter, where it was picked up by several prominent technology blogs.
• To contact the MediaGuardian news desk email email@example.com or phone 020 3353 3857. For all other inquiries please call the main Guardian switchboard on 020 3353 2000. If you are writing a comment for publication, please mark clearly “for publication”.
• To get the latest media news to your desktop or mobile, follow MediaGuardian on Twitter and Facebook.
Raw Story is a progressive news site that focuses on stories often ignored in the mainstream media. While giving coverage to the big stories of the day, we also bring our readers' attention to policy, politics, legal and human rights stories that get ignored in an infotainment culture driven solely by pageviews.
Founded in 2004, Raw Story reaches 9 million unique readers per month and serves more than 30 million pageviews.