OVER SHARING

This ‘Facebook Messenger bug’ could prove very embarrassing to a lot of people

Flaw in social network's communications app could expose things you'd much rather were kept under wraps

A hacker has discovered an alleged flaw in Facebook Messenger which could result in a lot of people's secrets being exposed.

Anyone who's used Messenger to send a link is potentially at risk due to a simple trick which reportedly let one computer expert look at the contents of private messages.

You might not realise it, but the sorts of links you send could shed light on some of your deepest secrets. If you're married and send the address of another hotel to someone who isn't your partner, then it's pretty clear you're playing away.

Would you want a hacker peering inside your private messages? Credit: Alamy

Perhaps you've been talking to someone at another company about getting a job - something which would really annoy your current employer. Your boss would have deep suspicions if it emerged that you'd been pinging out the web address of your online CV on LinkedIn.

Inti De Ceukelaire, the security researcher who discovered the alleged bug, said: "While you may only share links to funny cat videos with your friends, you should still be worried about this exploit. Sometimes, sensitive information (personal data, secret keys, etc.) are included in links without you even noticing."

Mark Zuckerberg, Facebook boss, wants us to share more and more of our lives on his social network. Credit: Facebook

The Belgian tech expert suggested links are stored within Facebook's database whenever they are sent for the first time. This means they can be quickly displayed along with thumbnail images, a headline and other useful information.

"The next time Facebook displays the link, it simply fetches this information from the database," he continued.

"There’s absolutely nothing wrong with this. At least when this data is kept secret."

Then, using some advanced jiggery-pokery, De Ceukelaire was able to see the links sent within private messages.

He said this was "a big deal" and immediately reported his findings to Facebook.

"Links shared through messenger, private groups, status updates, or by using the mobile application seem to be vulnerable to the methods described," he added.

"Links sometimes include personal stuff without you even knowing."

A Facebook spokeswoman reassured users that their secrets were still safe.

She said: “A researcher contacted us through our bug bounty program with concerns that links shared in Messenger could be discovered publicly.

"We’ve looked into this matter, and as always, we are focused on keeping your message content safe. In this case, we are confident that the risk to URLs people share in messages is very low because of the technical protections we use—such as rate limiting and throttling—that can detect suspicious activity and which we have recently strengthened further.

"In addition, this technique could only return random URLs and would not tie the sharing of a link to any particular person on Facebook.

"We have not seen abuse of this matter, and we are constantly working to make the security of our systems stronger.”

