A security researcher, Inti De Ceukelaire has published a detailed post how Facebook developers can spy on private links in Facebook Messenger. De Ceukelaire found that through the right API call he could summon links shared by specific FB users in private messages. The links were collected by the Facebook crawler, where De Ceukelaire discovered they were easily accessible to anyone running a Facebook app. De Ceukelaire found that the developers could access any link that could be popular news story or a link to some private website meant only for the reader. The developers can see the links once they’re shared in private messages, they’re logged in Facebook’s database, and accessible to API calls. The bug allows only legitimate FB developers to spy on the private links in messenger and could not be exploited by unwanted hackers says De Ceukelaire. De Ceukelaire was only able to make the API call because he’s registered as a Facebook developer. If he had tried to make simultaneous calls for pulling links of many users, FB would have quickly noticed and put a stop to it. Still it is a serious bug according De Ceukelaire who says it could create several problems for Facebook users. Facebook has not yet commented on De Ceukelaire’s findings.