Facebook has had a bad week when it comes to privacy news. First, the company was widely panned for launching its Portal home video device shortly after a data breach that affected 50 million users. Now, a new report details a security bug discovered in the Facebook-owned WhatsApp chat tool that allowed hackers to take over a user’s profile if they answered an incoming video call from a bad actor.

WhatsApp is a wildly popular chat app used by more than 1.2 billion people around the world. Facebook acquired it in 2014, and since then privacy experts have been skeptical of how the app treats user data — and its relationship with its parent company.

For its part, WhatsApp admitted that the problem was first discovered in August and fixed in early October.

“We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable,” WhatsApp spokesperson Ann Yeh said in a statement to Reuters. “We promptly issued a fix to the latest version of WhatsApp to resolve this issue.”

According to a source within WhatsApp, there’s no evidence this flaw was actually exploited by hackers. But a video-related privacy controversy is the last thing Facebook needs the very week it launched a video chat device.