Facebook has been forced to disable a messaging feature after a Welsh student uncovered a flaw allowing him to read strangers' private messages.
The New Year's Midnight Delivery feature was set up on Facebook Stories to enable users to write messages to friends to be automatically sent after midnight.
Aberystwyth University student Jack Jenkins discovered that by tweaking the Url after sending a message, he could read and even delete other users' messages.
He blogged about the error, writing: "I just wanted to share this. I don't know how a site like Facebook can continue to take these kinds of risks. PLEASE Don't go deleting random messages, but try and delete one of mine that I set up especially if you want."
Facebook promptly disabled the feature upon discovering the issue.
A spokesman for Facebook confirmed that the site is back up and running again, and that it had been taken offline for a time while they dealt with the issue.
Facebook Stories is a separate site from the main Facebook site, and does not affect messaging on Facebook itself.
The error comes after a picture posted by Facebook founder Mark Zuckerberg's sister led to her claiming her privacy had been breached after a marketing director tweeted the private family photograph that Zuckerberg had shared on her personal Facebook page.