Facebook's new Midnight Deliveries service, which was intended to be used to send messages to friends on the stroke of midnight on New Year's Eve, was taken offline after a major security flaw was found.

Facebook Stories

The security slip-up was first reported in a blog post by IT student Jack Jenkins, revealing that by simply changing a string of numbers at the end of a message's URL, you can view private Happy New Year messages sent by other users.

Although it is doubtful that Facebook users would include private and sensitive information in messages wishing friends a happy New Year, the flaw made it possible for anyone to see the name of the recipient(s), along with the message and any photos included with it; the fault also made it possible to delete other people's messages.

The IT student explained: "It is you may say a pretty harmless flaw, as they tend to be generic messages and you can't see who sent them (it shows your profile pic next to the message, as if you've sent it).

"However you can see the names of the recipients of the message. Some messages do contain a photo, one such message I saw contained a photo of a father and their child, another a family photo, another was a personally written message with a photo."

Jenkins made Facebook aware of his findings and the service was shut down soon after, and is now visible again, in the UK at least. The blogger said: "I just wanted to share this. I don't know how a site like Facebook can continue to take these kinds of risks. PLEASE Don't go deleting random messages, but try and delete one of mine that I set up especially if you want."

Following the removal of the application, Facebook said in a statement: "We are working on a fix for this issue now, and in the interim we have disabled this app on the Facebook Stories site to ensure that no messages can be accessed."

IBTimes UK tested Facebook Stories at 11pm GMT and found the service to be working once more, and no matter what user ID we entered into the address bar, we were returned to the New Year messages we had sent from our own account.

As explained above, the flaw is fairly harmless to the majority of users, but if anyone chose to say something more personal or include photos that they wouldn't want to be made public, then there is clearly a problem here.

Facebook is fighting to be the number-one place for our online lives, and with privacy at the forefront of this, but if it can't be trusted to deliver a simple New Year's Eve message without making it available to all one billion users, then trust in the network by some will no doubt diminish.

Facebook