Facebook Privacy Loophole Minor Compared to Other Fails

Facebook’s newest service lets you schedule a private greeting for your friends that will be delivered exactly on midnight, sparing you the choir of deciding on an acceptable timeframe before or after the New Year. The app is fairly straight-forward, but it appears that it launched with a rather inconvenient and undocumented feature.

A blogger by the name of Jack Jenkins discovered a loophole that allowed anyone with the URL to a Midnight Deliver confirmation message view the recipients and the greeting itself, which they could also delete. Facebook quickly pulled the plug on the service after the bug was picked up by The Verge, and has since resolved the issue.

Some more background:

“When a user successfully submits a message to be sent to their friends, he or she will be displayed a confirmation screen that displays a URL: http://www.facebookstories.com/midnightdelivery/confirmation?id=XXXXX. From here, anyone that’s curious can simply change the ID variable at the end of the web address and then view other messages left for people.”

This latest privacy scare is minor in comparison to what Facebook had to deal with   almost continuously for the past few years. Most recently, a change to Instagram’s ToS set off a mini-exodus that the company quickly stopped by reverting the terms. The now removed edit mentioned the use of individuals pictures in ads, a feature that sounds incredibly similar to Facebook’s own Sponsored Stories.

The latter set Facebook back $20 million earlier this month when it settled a class-action suit accusing the social network of using members’ information without their consent. About half that sum was set aside for affected users,  each eligible for a $10 reimbursement.

About Maria Deutscher

Maria Deutscher is a staff writer for SiliconANGLE covering all things enterprise and fresh. Her work takes her from the bowels of the corporate network up to the great free ranges of the open-source ecosystem and back on a daily basis, with the occasional pit stop in the world of end-users. She is especially passionate about cloud computing and data analytics, although she also has a soft spot for stories that diverge from the beaten track to provide a more unique perspective on the complexities of the industry.