Facebook security flub allowed anyone to view private New Year’s Eve messages

facebook stories

If you’re looking to send a message to your friends or family at the crack of the New Year, Facebook’s “Midnight Delivery” app will deliver a customized Happy New Year Message when the clock strikes 12:00 AM. Just don’t make your 2013 salutations too private. Blogger Jack Jenkins discovered that Facebook’s Midnight Delivery app had a security flaw that allowed users to snoop through other other people’s New Years Eve messages with one very simple hack.

Jenkins found that by changing the ID numbers at the end of the a message URL, you could browse through random messages that other users were sending to each other. Each message is given a Facebook-generated number, similar to how Facebook uses unique ID numbers to identify each user. For instance, after sending a message, you might receive the URL http://www.facebookstories.com/midnightdelivery/confirmation?id=76188. By changing the 76188 to another string of five digits, you could see someone else’s message.

Facebook has since fixed the flaw, so the above link will prompt you to log in, rather than displaying a private message. For anyone who sent a message prior to the fix, there isn’t much to worry about. The name of the sender was never publicly viewable – only his or her picture. The name and profile picture of the message recipient, on the other hand, were visible. The greater concern might be that third-party viewers could delete the messages in question, so you may want to double to check to make sure you’re midnight greetings are still on schedule.

Mobile

WhatsApp finally gives in to the lure of cash-generating ads

WhatsApp's co-founders always said their messaging app would never show ads, but once the pair quit the company, it seemed inevitable that its owner, Facebook, would find a way to incorporate them.
Mobile

The 100 best Android apps turn your phone into a jack-of-all-trades

Choosing which apps to download is tricky, especially given how enormous and cluttered the Google Play Store has become. We rounded up 100 of the best Android apps and divided them neatly, with each suited for a different occasion.
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Mobile

These 100 best iPhone apps will turn your phone into a jack-of-all-trades

The iPhone is the most popular smartphone in the world, and we want to bring out the best in yours. Behold our comprehensive list of the best iPhone apps, from time-saving productivity tools to fun apps you won’t be able to put down.
Computing

These 30 useful apps are absolutely essential for Mac lovers

There are literally hundreds of thousands of great software programs compatible with MacOS, but which should you download? Look no further than our list of the best Mac apps you can find for the latest MacOS and how they can help out your…
Computing

Urban legends for the digital age: The best scary stories from the internet

In need of some simple scares this Halloween? We've combed the internet for the best creepypastas, urban legends, and scary stories. From found footage YouTube videos to a deceptively scary wiki, these stories are sure to spook.
Mobile

Shazam hooks up with Instagram Stories for another way to share songs

The latest update for Apple-owned Shazam lets iPhone users share music tracks to Instagram Stories in a few quick taps. To enable the feature, just make sure you have the latest version of Shazam loaded on your handset.
Social Media

Dine and dash(board): Make a Yelp reservation from your car’s control panel

Already in the car, but can't decide where to eat? Yelp Reservations can now be added to some dashboard touchscreens. Yelp Reservations searches for restaurants within 25 miles of the vehicle's location.
Computing

Hackers sold 120 million private Facebook messages, report says

Up to 120 million private Facebook messages were being sold online by hackers this fall. The breach was first discovered in September and the messages were obtained through unnamed rogue browser extensions. 
Web

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. With so many subreddits, however, navigating the "front page of the internet" can be daunting. You're in luck -- we've gathered 23 of the best subreddits to help…
Social Media

Facebook opens pop-up stores at Macy’s, but they’re not selling the Portal

Facebook has opened pop-up stores at multiple Macy's, though they're not selling Facebook's new Portal device. Instead, they're showcasing small businesses and brands that are already popular on Facebook and Instagram.
Social Media

Facebook Messenger will soon let you delete sent messages

A feature coming to Facebook Messenger will let you delete a message for up to 10 minutes after you send it. The company promised the feature months ago and this week said it really is on its way ... "soon."
Social Media

Pinterest brings followed content front and center with full-width Pin format

Want to see Pinterest recommendations, or just Pins from followed users? Now Pinners can choose with a Pinterest Following feed update. The secondary feed eliminates recommendation and is (almost) chronological.
Smart Home

Facebook's Alexa-enabled video-calling devices begin shipping

Facebook's Portal devices are video smart speakers with Alexa voice assistants built in that allow you to make calls. The 15-inch Portal+ model features a pivoting camera that follows you around the room as you speak.