Talking to strangers? This popular chat site is saving all your messages
A PSA to people who anonymously chat with strangers on the internet: Not all spaces are so private.
Each chat log is saved in Omegle's server after a user exits a conversation, Bhuyan said in an email.
"After a user disconnects his chat, Omegle saves the entire chat log in their server permanently," Bhuyan said.
Omegle goes on to note that when you start a chat, the timestamp, IP address, ID cookie "and similar information for you and your chat partner" are recorded and may be used to track spammers, hackers and other potential cyberspace wrongdoers as well as for "law enforcement purposes" or to compile statistical data. All of this data is "typically" stored for about 120 days.
"People on Omegle often think their chats are private and chats get deleted once they disconnect from the conversation," Bhuyan said. "Due to this false sense of security, people often share sensitive information on it."
An Omegle spokesperson said in an email that they think Bhuyan's hack was feasible by guessing the URL of a chatlog — a random sequence of letters and numbers — a user has saved.
"In practice, that is mostly a concern for chatlogs that users saved years ago, which had shorter URLs that were easier to guess," they said. "URLs generated more recently should be much harder to guess, but just to be on the safe side, I've made newly-generated URLs even longer in response to this."
They believe that those at risk are likely just users who saved their chatlogs and those saved with URLs "that are short enough to be guessable," but reiterated that Omegle has made newly-generated URLs that are even longer "to be on the safe side with this."
August 19, 2016, 3:01 p.m.: This story has been updated.