Facebook’s Midnight Message Delivery feature is back online after the social network temporarily disabled it in order to deal with a bug discovered by blogger and Aberystwyth University student Jack Jenkins.
The Guardian reported on the blog post by Jenkins, who wrote:
By simple manipulation of the ID at the end of the URL of a sent message on the Facebook Stories site, you are able to view other people’s Happy New Year messages. At least I was when I edited the ID for myself.
For example, I made this test one, which you should be able to see saying “TEST TEST TEST TEST.” If you manipulate the ID, you can view other people’s messages — just change the ID number up or down a few.
It is, you may say, a pretty harmless flaw, as they tend to be generic messages and you can’t see who sent them (it shows your profile pic next to the message, as if you’ve sent it). However you can see the names of the recipients of the message.
A very bad part of it all is that I think that you can actually delete other people’s messages, which I have tested for myself on a single message, as I thought that it would say access denied.
A Facebook spokesperson told The Guardian:
We are working on a fix for this issue now, and in the interim, we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed.
I have just checked, the bug/oversight has now been fixed. You can no longer access other people’s messages by changing the confirmation message ID.
Readers: Will you think twice before using Midnight Message Delivery, or do you think the bug was harmless?
Time out image courtesy of Shutterstock.