Privacy flaw discovered in Facebook’s New Year’s app

In this world of hyperconnectivity, online privacy management is not prioritized highly enough by most people.

The number of individuals we send digital messages to on the holidays likely far exceeds the number we would take the time to send traditional greeting cards. Facebook thought up a way to make this more convenient for users, so they wouldn't miss half the New Year's Eve festivities by working overtime typing out messages to friends and family.

But, with all things good, watch out for the bad. Midnight Delivery is a service that the social media site offered users so they could write New Year's warm wishes in advance to whomever they chose. They would then be automatically delivered when the clock struck midnight in their respective time zones.

Great idea, right? Well, just because something sounds good doesn't mean it will be executed properly. Facebook had to temporarily disable the service in order to fix a flaw in its design that compromised user privacy, according to technology and media blog Mashable.

By modifying the URL of his own messages, business IT student Jack Jenkins from Wales' Aberystwyth University in the United Kingdom was able to spy on private photos and messages sent by other Midnight delivery users. He could see and delete the content of others' messages at will, constituting a significant online privacy vulnerability.

What we should all learn from this is that social media sites and mobile application developers often release products to the public, only to have significant security holes exposed after millions of people have downloaded and used them. As a result, we suffer the consequences of their oversights but continue to let them off the hook.

Before downloading any application or jumping on board with a new service, take the time to examine its privacy settings and terms and conditions. Spend a little while looking online for feedback from others about issues or concerns they might have. It's okay to not be a first adopter, instead opting to wait for a bit and see how well a product launch goes. You may just avoid a digital nightmare.

John Sileo is an online privacy expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Posted by Identity Theft Speaker John Sileo in Online Privacy and tagged online privacy, online privacy management.