Tuesday, January 1, 2013

Rosa Golijan , NBC News 1.1.13

Facebook security glitch exposes users' New Year's Eve messages



Facebook

Facebook took down the Midnight Deliveries app after a security glitch exposed users' messages

Whew! Facebook saved countless users from New Year's Eve humiliation ... after initially exposing their private messages.

Facebook's Midnight Delivery app allows users to schedule private messages to wish friends a happy new year exactly when the clock strikes twelve. This is fantastic for those who intend on having a glass of Champagne or five as 2013 approaches, as it will let them schedule a polite message along the lines of "Happy New Year, my beloved friends!" instead of drunk texting everyone  something like "I'm sooooo wasted right nowljskf and happy NEW YeAr! 2013 FTW! YOLO!" when the ball in Times Square drops.

Now great as Facebook's little app sounds, there was just one problem: A security glitch temporarily exposed users' scheduled messages to the general public.

The Next Web's Robin Wauters reports that when a user scheduled a Midnight Deliveries message, he or she was presented with a confirmation page. Unfortunately, that confirmation page could be viewed by anyone who happens to guess its URL. "You couldn’t see who sent the messages," Wauters explains, "but you could see all the intended recipients, and the message itself, if you tweaked the URL the right way."

Those toying around with URLs could also see images which were attached to those scheduled massages. And to add insult to injury, they could also delete the correspondences.

"We are working on a fix for this issue now," a Facebook spokesperson told NBC News via email. "[A]nd in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed."

Perhaps the more prudent approach, for the time being, is to just plain type out a "Happy New Year!!!!1!!!" text message and send it to everyone in your contacts at midnight.

Want more tech news or interesting links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)