Facebook Glitch Made Private New Year's Messages Very Public
A privacy glitch in a special New Year's Eve messaging feature on Facebook saw the social network stumble into 2013. Until it was fixed, the flaw made it possible for anyone to read another person's private end-of-year message.
The bug was discovered by business IT student Jack Jenkins, who told the Guardian that by making a small change to the URL of his own message, he was able to access the messages sent by and meant for total strangers.
Jenkins said the trick allowed him to view photos, read message content and delete messages.
The special feature was intended for users to pre-send a New Year's Eve message in order for it to be delivered at exactly midnight on Dec. 31 in the recipient's time zone.
"Some messages do contain a photo, one such message I saw contained a photo of a father and their child, another a family photo, another was a personally written message," Jenkins wrote on his blog.
Facebook never responded to Jenkins but it reacted to the news quickly, taking the feature down for almost half a day to make the fix.
"I just wanted to share this. I don’t know how a site like Facebook can continue to take these kinds of risks. PLEASE Don’t go deleting random messages," Jenkins wrote on Dec. 31. "Facebook still haven't got back to me personally with any response. This is the reason that I contacted The Verge, to actually get some action taken."
The glitch did not affect normal Facebook messages. The feature linked users to messages on a separate Facebook site called facebookstories.com.
Since its inception, Facebook has been accused of taking a lackadaisical approach to user privacy and security.
In the most recent high-profile example of the difficulties of controlling who sees what, Randy Zuckerberg, a former Facebook employee and sister of CEO and founder Mark Zuckerberg, publicly criticized a blogger for tweeting what was supposed to be a "private" Zuckerberg family photo.