Facebook has a problem with private links

Facebook has a link problem. Earlier this week, a security researcher named Inti De Ceukelaire detailed a curious fact about how Facebook Messenger treats privately shared links. Through the right API call, De Ceukelaire was able to summon links shared by specific users in private messages. The links were collected by the Facebook crawler, where De Ceukelaire discovered they were easily accessible to anyone running a Facebook app. Those links could be anything from a popular news story to directions to an abortion clinic. As long as they’re shared in private messages, they’re logged in Facebook’s database, and accessible to API calls.

It would be hard to exploit that bug at scale for a few different reasons. De Ceukelaire was only able…

Continue reading…

Leave a Reply

Your email address will not be published. Required fields are marked *