Facebook's App Has Security Problems

For the new year, Facebook posted a "Midnight Message Delivery" app for people to send notes when the clock struck 12. It was a cute idea, but the app was easily hacked.


A computer science student first discovered the security flaw. Jack Jenkins found that changing the message ID in the URL brings users to other people's messages, which were intended to be private. For example, the URL for this message ends in a confirmation number that can be changed easily: http://www.facebookstories.com/midnightdelivery/confirmation?id=76188.

Being able to read private messages was one issue; another was the ability to delete messages that people believed would be received.

Facebook has since disabled the app.
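The flaw described above is commonly called an insecure direct object reference: the server trusts the ID in the URL without checking who is asking. The sketch below is an added example, not Facebook's code; it contrasts handlers that trust the ID with handlers that check ownership before reading or deleting. The message store, the user names, the `session_user` argument (assumed to come from a logged-in session) and all function names are hypothetical.

```python
import secrets

# Constructed sample data: sequential IDs like the id=76188 in the URL above.
MESSAGES = {
    76187: {"owner": "alice", "to": "bob", "body": "Happy New Year, Bob!"},
    76188: {"owner": "carol", "to": "dave", "body": "See you next year."},
}


class Forbidden(Exception):
    """Raised when the caller may not access the requested message."""


def view_vulnerable(message_id):
    # The ID from the query string is the only input: whoever supplies
    # a valid number gets the message, regardless of who wrote it.
    return MESSAGES[message_id]["body"]


def delete_vulnerable(message_id):
    # Same problem for the destructive action: no check of the caller.
    MESSAGES.pop(message_id)


def _authorize(session_user, message_id):
    msg = MESSAGES.get(message_id)
    # Same error for "does not exist" and "not yours", so responses
    # do not reveal which IDs are in use.
    if msg is None or msg["owner"] != session_user:
        raise Forbidden("message not found")
    return msg


def view_hardened(session_user, message_id):
    # Ownership is checked on every read.
    return _authorize(session_user, message_id)["body"]


def delete_hardened(session_user, message_id):
    # Ownership is checked before the message is removed.
    _authorize(session_user, message_id)
    del MESSAGES[message_id]


def new_public_id():
    # Defense in depth: hand out an unguessable reference instead of a
    # counter. This complements the ownership check; it does not replace it.
    return secrets.token_urlsafe(16)
```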

Discussion Starters:

  • How does such a security flaw affect Facebook's credibility? To what extent could this affect people's trust in future Facebook apps?
  • In addition to disabling the app, should Facebook post a message about the flaw? If so, what should the company say?