Technology News
English Edition

Private Links Shared on Facebook Messenger Aren't So Private: Report

By Ketan Pratap | Updated: 13 June 2016 18:02 IST
Private Links Shared on Facebook Messenger Aren't So Private: Report
Highlights
  • The security researcher informed Facebook about the issue.
  • Facebook responded stating that the process was intended.
  • Facebook is not likely to fix the issue as per researcher.
Advertisement

Privacy and security has been a contentious issue with all social networks, and Facebook is no exception. We've suggested to our readers to perform a digital clean-up to ensure their account is safe. However, a recent report suggested that a new vulnerability related to Facebook's Messenger app as well as online chat could allow an attacker to change or modify a conversation in the thread. The company however patched the bug fixing the issue.

Now, security researcher Inti De Ceukelaire in a Medium post has claimed that links shared privately on Messenger can be read by Facebook and developers with access to its API. Ceukelaire informed the company about the issue and was shocked to learn that "Facebook had no problems with privately shared links being accessible."

Ceukelaire was able to access the links using Facebook's crawler tool. The social giant describes the tool as, "Content is most often shared to Facebook in the form of a webpage. The first time someone shares a link, the Facebook crawler will scrape the HTML at that URL to gather, cache and display info about the content on Facebook like a title, description, and thumbnail image."

During his testing, Ceukelaire discovered that all the objects saved on Facebook such as images, status, or even a link was given a "unique, non-chronological identification number". He noticed Mark Zuckerberg was object number four on Facebook.

He noted that developers can request an object via Facebook API (an interface for developers) by its number which will return with the details "only" if they had permission to access. After some more searching, he decided to request a URL for the queried object and was given the link address. He then "wrote a quick script that would take any identification number and increment it gradually to discover other links," and discovered he was returned a list of URLs shared by users.

"[While] it's not possible to get links for a specific user, you could easily run through results all day* until you find something interesting. *Yes, Facebook does block excessive requests but there are ways to bypass that, e.g., using multiple access tokens and if needed, VPN's. Rate limiting won't stop someone who is determined," he added.

He pointed out that the results didn't confirm the user who shared the link but it was not hard considering the user ID was linked to the results shown. The researcher points out the shared links can sometimes carry personal details which the user doesn't intend to share with others.

"While you may only share links to funny cat videos with your friends, you should still be worried about this exploit. Sometimes, sensitive information (personal data, secret keys, ...) are included in links without you even noticing," adds Ceukelaire.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Apps, Facebook, Messenger, Social
Ketan Pratap
Ketan Pratap
Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More
Tech, Beauty Intersect in Silicon Valley
Apple and Google Can't Stand App Store Chaos

Related Stories

Private Links Shared on Facebook Messenger Aren't So Private: Report
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Apple to Discontinue iPhone 14, iPhone SE Sales in These Countries
#Latest Stories
  1. iPhone 14, iPhone SE Sales in EU to Be Discontinued Due to Upcoming Regulation: Report
  2. OnePlus Open 2 Launch Timeline Leaked; Might Debut Later Than Expected
  3. Google Blasts Chrome Sale as ‘Extreme’ Remedy at Odds With Law
  4. Samsung Galaxy S25 Slim Specifications Leaked; Might Be Thicker Than iPhone 17 Air
  5. Qualcomm Secures Key Win in Chips Trial Against Arm
  6. OpenAI Unveils 'o3' Reasoning AI Models in Test Phase
  7. Ancient Bronze Statues Unearthed from Etruscan Healing Spring in Italy
  8. Malayalam Action Thriller Mura Now Streaming on Prime Video
  9. Study Explores Sun’s Magnetic Field Changes and Solar Wind Acceleration
  10. Madanolsavam Streaming Now on Prime Video: What You Need to Know
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »