Flaw in Facebook Midnight Deliveries app discovered, fixed
updated 11:44 am EST, Mon December 31, 2012
Public URLs allowed reading, deletion of other messages
An app created by Facebook has been shown to have a flaw that allowed users to view messages created by other people. Designed to let people prepare messages ahead of an automatic sending at midnight, the Midnight Deliveries app exposed message data ahead of the intended delivery time.
IT student Jack Jenkins discovered the flaw, which relates to publicly-viewable URLs. Editing characters at the end of a message's URL lets the viewer see another user's message, along with the individuals mentioned in it and its photographs. Though it did not display who wrote the original message, according to The Verge, it did give the option to delete the message in its entirety.
Facebook was informed about the issue, shortly disabling the app until the flaw was closed. The app is now running again.
Privacy has been an issue for the social network in recent months. In October, a security researcher created a data farming tool that could collect phone numbers stored on the network. More recently, Randi Zuckerberg, sister of Mark Zuckerberg, publicly complained about a family photo being shared after a blogger saw it and thought it was a public image. The matter led Randi to complain about digital etiquette between people as opposed to the site's security settings, summing it up in a Twitter post by saying “It's not about privacy settings, it's about human decency.”



