Facebook Midnight Delivery Flaw Reveals Private User Information With Little Effort
A major security bug forced Facebook to temporarily restrict access to its new Midnight Delivery messaging tool on Sunday, less than 24 hours after the Midnight Delivery system was made available to the public.
Facebook added the Midnight Delivery tool to their Facebook Stories site over the weekend, as a tool for those who wanted to send messages/photos to their friends and family as the clock strikes midnight on Monday evening.
Unfortunately, an embarrassing simple exploit for Facebook's new Midnight Delivery messaging system was discovered over the weekend, instantly changing the temporary tool from a novelty amusement to an unwanted cyber security and public relations fiasco.
The Midnight Delivery bug was first reported by IT student and blogger Jack Jenkins, who found that reading other peoples' messages was as simple as tinkering with an existing message's URL. The website would then display other users' messages (complete with accompanying photos in some cases) as if they'd be sent by Jenkins himself.
We had a chance to confirm the Midnight Delivery bug using several of our own personal accounts soon after the reports began to circulate online; however, Facebook has since been forced to take the Midnight Delivery tool offline to deal with the exploit. There's no word on when Facebook's Midnight Delivery bug might be fixed, and the tool brought back online, though we'd be willing to bet that Facebook engineers are working double-time to have it ready for New Year's Eve.
Though the flaw seems obvious, as The Verge notes, it would be extremely difficult (if not impossible) for someone to target a specific user(s) with the Midnight Delivery exploit. It also seems unlikely that anyone would be using the temporary messaging tool to transmit highly-sensitive information -- like credit card or identity-related information --but the fact remains that an absurdly simple bug still existed when Facebook launched the Midnight Delivery system.
Update: Facebook has confirmed that the company took the Midnight Delivery system offline on Sunday:
"We are working on a fix for this issue now," a Facebook spokeperson told iDigitalTimes via an emailed statement. "And in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed."
Facebook's Midnight Delivery tool was made available to the public again on Monday morning.
© 2014 iDigitalTimes All rights reserved. Do not reproduce without permission.