A security researcher catches a dangerous bug in Facebook Messenger Room that could steal users' private data

The use of technology and social media is increasing more than ever. Nowadays people, old or young, all have social media accounts, which they use for various purposes such as following updates on their favorite celebrities or chatting with their friends.

Most users have a lot of private data, chats, photos, videos and so on stored on these social networks. One such platform is the infamous giant Facebook. People all over the world use Facebook's Messenger to communicate with their friends and family, so an exchange of private information and data takes place.

Over the years, data theft and hacking have increased by a big percentage and are constantly growing, which is why messaging and social apps like Facebook's Messenger provide their users with the best privacy and protection against data theft and hacking so that users choose their platform.

Facebook is one company that never compromises on providing its users with excellent protection against hacking; however, a Nepal-based security researcher, Samip Aryal, recently caught a bug in Facebook's Messenger.

The vulnerability report provided to Facebook proved that any account on Facebook could be hacked by inviting the user into a Messenger chat room. Carrying this out requires physical access to the user's mobile device, but it does not require unlocking the device, which makes it much easier for the hacker.

This means that anyone who had physical access to your device could get into your account and view private data and information.

After the discovery of this bug, security researcher Samip Aryal received a lot of appreciation and also a sum of 3000 dollars from Facebook as a reward for catching it.


Back in October 2020, Samip Aryal discovered another of Facebook's bugs. He proved that a user's stored private videos and viewing history could both be exposed by using the Watch Together feature. Anyone who had physical access to a user's device could easily carry this out. Facebook solved this by making it compulsory for users to unlock their phones before they could use the feature.

To discover this bug, Aryal used a similar approach, this time applied to the Messenger Room feature, as he knew that this feature could also be accessed without unlocking the device.

However, it was not easy for Aryal to catch this bug. The security researcher used his personal computer and his Android phone with two different Facebook accounts, then invited the Android device to join a Messenger room.

The locked smartphone then rang, and Aryal discovered that he could accept the invite without unlocking the device. He then tried experimenting with all sensitive features like Watch Together, but nothing worked. Aryal then noticed an option on the top right side of the screen of his Android phone: the 'chat with other attendees' feature. He found that once this feature was clicked, all private photos and videos could be easily seen.

Facebook is one company that never compromises on the quality of its products and platforms; the social media giant fixed the bug discovered by Aryal within a day.
