In a major security flaw, the Midnight Deliveries feature that has been recently launched by Facebook allowed anyone to see private photos and messages sent by people through the service.
This feature had been designed to allow folks to send messages which are to be delivered as soon as the clock strikes midnight for the New Year.
This security flaw was first described by Jack Jenkins, IT student, in his blog post. The flaw was basically in the URL of these messages, which the company had made public.
According to The Verge, this slip-up allows Facebook users, who are logged in, to view the photos and messages of others and even delete them. By altering the digits at the end of URL, the users can access the messages and photos of others. However, targeting specific users is not possible.
After receiving complaints about the security mishap, Facebook has taken down the New Year service site for maintenance. A spokesperson from Facebook spoke to The Verge about the issue that they are working on fixing the problem.
In the meantime, the app has been disabled on Facebook Stories site so that messages on the app will not be accessible to anyone until the app is up and running again.
Even though the New Year's greetings so exposed might not contain much of sensitive material, it is still a matter of serious concern as people are able to see private messages meant for others. It is advisable for users to wait for a fix for the security flaw to send New Year messages to others at dot midnight.