The popular social network Facebook It is once again involved in controversy due to a new security flaw discovered in its Messenger and Instagram platforms that puts the integrity of its users’ private data at risk.
In a report Prepared by app developers Tommy Mysk and Talal Haj Bakry, it was revealed that previews of shared links on these platforms presented vulnerabilities that could put the security and privacy of iOS and Android users at risk.
In this sense, Bakry and Mysk deciphered that, through the links shared in these applications, there were leaks of sensitive information such as IP addresses. In addition, links sent in end-to-end encrypted chats could be exposed, as well as the possibility of downloading large files without user authorization.
Bakry and Mysk also stated that through these links shared on Messenger and Instagram it was also possible to make copies of private data.
In response to these discoveries, Facebook explained that the links shared on these platforms only represented a reduced version of the image, which is shown as a preview of the information present in them.
According to Facebook, the reason behind this is due to its intention to protect users from potential computer threats such as malware, thereby ruling out data collection through this action.
In another section of the Bakry and Mysk report, it was revealed that the behavior shown by both Messenger and Instagram differed from other similar messaging applications in the fact that they download all the content of any link and then send them to their servers.
Given this, Facebook simply claimed that this action on both platforms «works as intended»
However, shortly after this vulnerability was revealed, Facebook disabled the preview of links on Instagram, Messenger and the Facebook platform itself, although only for users based in Europe.
By doing this, Facebook hopes to adhere to the privacy laws established by the EU on online safety, which were being violated with this vulnerability.