Facebook was forced to temporarily disable its "Midnight Delivery" New Year's messages feature after a privacy flaw was exposed by an information technology student early Monday morning.
Facebook quickly took note of the problem and brought Midnight Delivery offline for maintenance. It has since been fixed and is available for use.
Midnight Delivery, which was introduced this year, was designed to allow you to write a message to friends or loved ones that will be delivered exactly as 2012 ends and 2013 begins. However, student and blogger Jack Jenkins noticed a problem: he easily exposed private messages and photos sent via the Facebook app by simply modifying the URL of his own messages.
Jenkins, in his blog post about the problem, noted that it was a "pretty harmless flaw," as you couldn't tell who sent the messages on which you were suddenly able to spy.
However, he was able to see family photos attached to private messages and he realized he could exploit the problem to delete other people's messages surely unwelcome findings by anybody who's used Midnight Delivery.
Frustrated about the privacy problem, Jenkins tipped off The Verge about it, which then notified Facebook. After the app was taken offline, a Facebook rep told The Verge that "we are working on a fix for this issue now, and in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed."