Facebook was able to avoid what could have been an embarrassing privacy ordeal with a messaging feature it built for New Year's Day.
The Menlo Park, Calif.-based social network recently introduced a new feature for its desktop site that allows users to pre-write messages for their friends that get sent out as soon as 2013 arrives at the stroke of midnight.
Nice concept, but the feature had a fatal flaw: The messages weren't private.
British blogger Jack Jenkins discovered and reported the problem with the "New Year's Midnight Delivery" feature on Sunday. Jenkins wrote that users could alter the feature's URL ID with random letters and numbers to stumble on other users' messages, some of which contained photos.
"It shouldn’t be possible to do this, as these are not generic and are people’s personal images," Jenkins wrote.
Jenkins said it wasn't possible to see who sent the messages, but he was able to see who the recipients were. What's worse, he said that it appeared that he could randomly delete users' messages if he wished.