Facebook disables Midnight Message Delivery app after student discovers security flaw
Social media site Facebook has withdrawn its New Year's Eve messaging tool temporarily after one user was able to read and delete private messages meant for other users.
Facebook was alerted to the issue after Aberystwyth University business IT student Jack Jenkins discovered that by making a small change to a web address he could gain access to messages and photos sent by others using the tool.
Writing on his blog Jenkins commented: "I just wanted to share this. I don't know how a site like Facebook can continue to take these kinds of risks. PLEASE Don't go deleting random messages, but try and delete one of mine that I set up especially if you want."
Facebook disabled the Midnight Message Delivery app - which was created for users to send New Year's Eve messages at midnight tonight - after Jenkins blog went public.
A spokesperson for the social media network explained Facebook was "working on a fix for this issue now, and in the interim we have disabled this app on the Facebook Stories site to ensure no messages can be accessed."