Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Watch Out: Your New Year's Midnight Delivery Messages on Facebook Aren't Private (Updated)

Illustration for article titled Watch Out: Your New Years Midnight Delivery Messages on Facebook Arent Private (Updated)

You know how Facebook added that Facebook Stories feature that lets you automatically spam all your "friends" with automatic "Happy New Year" inanities? Well, beware because they aren't private, thanks to a security cock-up.

Advertisement

On the off-chance your queued messages contain something sensitive, you might want to go in there and scrub the dirty—er, private stuff. Turns out you can view others' messages (and they can view yours) by just mashing on the keyboard and putting some fresh numbers into the URL. That's right; those URLs are public.

Advertisement

Chances are you're not welcoming in the new year by sending your pals your social security number or anything, but if there's anything in there that you don't want to be accessible to any yahoo who can type a few random numbers, you might want to pull it for now. [Jack Jenkins via The Verge]

Update: It's all fixed now.

Share This Story

Get our newsletter

DISCUSSION

BogusMaxiumus
Bogus Maximus

You can set the security permissions when you first sign into the app (although that may not matter if this exploit is true). I'm more concerned about why an app that sends out a message at a predetermined time needs access to my:

Email Address

Birthday

All Photos

All Videos

Video Activity

"Your Location" and "Friends' Locations" makes sense, since it needs that info to time the messages that are sent. But the rest of it is essentially consenting to giving away your personal info, much like everything else on Facebook.