Facebook has restored access to its New Year's Midnight Delivery feature after fixing the security bug. The issue had forced the social networking giant to temporarily restrict access to the service less than 24 hours after the system was made available to its more than one billion users.
With the Midnight Delivery tool, Facebook opened up a new feature whereby users can wish friends and family a happy 2013 with a private message or photo that will be delivered to their Facebook inbox as the clock strikes midnight on New Year's Eve.
The service was timely and convenient but a major security flow, first noticed by blogger Jack Jenkins, allowed anyone to view and delete messages that you send to friends via Midnight Delivery. "By simple manipulation of the ID at the end of the URL of a sent message on the FacebookStories site, you are able to view other peoples Happy New Year messages. At least I was when I edited the ID for myself," Jenkins wrote in his blog. The New Year messages, some of which could be private in nature, were supposed to go directly to the recipient's Facebook inbox. However, the public confirmation pages made them available to anyone who has the URL syntax.
Shortly after the security flaw was noticed, Facebook confirmed that it was aware of the issue and gave out a statement saying, "We are working on a fix for this issue now, and in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed."