Student discovers Facebook site flaw

Facebook has been forced to disable a messaging feature after a Welsh student uncovered a flaw allowing him to read strangers’ private messages.
By The Newsroom
Published 1st Jan 2013, 06:00 BST

The New Year’s Midnight Delivery feature was set up on
Facebook Stories to enable users to write messages to friends to
be automatically sent after midnight.

Aberystwyth University student Jack Jenkins discovered that by tweaking the Url after sending a message, he could read and even delete other users’ messages.

Hide Ad
Hide Ad

He blogged about the error, writing: “I just wanted to share this. I don’t know how a site like Facebook can continue to take these kinds of risks. PLEASE Don’t go deleting random messages, but try and delete one of mine that I set up especially if you want.”

Facebook promptly disabled the feature upon discovering the issue. A spokesman for Facebook confirmed that the site is back up and running again, and that it had been taken offline for a time while they dealt with the issue.

Facebook Stories is a separate site from the main Facebook site.

Related topics:Facebook