If you’re a heavy user of the social network Facebook, you may know that Facebook is offering a special Midnight Delivery feature that would place special messages into your friends’ in boxes on Facebook at the stroke of midnight. The idea was to allow users to wish their friends a happy new year. Facebook has now admitted that there was a security flaw with the service and has pulled the service off-line.
Facebook has admitted that there was a flaw that allowed messages to be viewed and deleted by anyone who had the URL syntax. After you entered a message with the service, you were given a confirmation page to view that had a URL. All a user had to do to view any other message left for the system was change the last six-digit number.
By changing that last six-digit number, users could read the messages and delete them. At least the flaw didn’t allow the messages to be changed, that could have been very awkward indeed. It’s unclear at this point, if the system will come back online, so if you have anything important tell your friends, you might want to seek alternative means.
via The Next Web