Facebook Fixing 'New Year's Midnight Delivery' Message Flaw
A security flaw that had allowed Facebook users to view others "New Year's Midnight Delivery" messages is being fixed by the social-networking service, according to a statement from the company cited by multiple tech websites.
The flaw was reportedly first pointed out by Jack Jenkins, who is described on a personal blog as a Business IT student. Facebook's "Midnight Delivery" is an app that can be installed that allows users to send a message to another person at midnight on New Year's eve.
According to Jenkins, by manipulating the Facebook ID "at the end of the URL of a sent message on the FacebookStories site, you are able to view other peoples Happy New Year messages."
Facebook became aware of the flaw and is currently fixing the problem. "[W]e are working on a fix for this issue now, and in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed," read a statement to The Verge.
During this writing, the Facebook "Midnight Delivery" page alternated between displaying correctly and listing that it was "undergoing some maintenance."