An online security company recently discovered a flaw in Facebook that would have allowed hackers to change the content of Facebook messages after they have been sent.

Here’s how the hack worked: security researchers found a message’s unique ID, then changed the message’s content and sent it back to Facebook. The site accepted the message as the real deal, and the message recipient was not made aware of any change.

Check Point Software Technologies, the company that discovered the flaw, pointed out that this simple hack could have had potentially devastating consequences. A hacker could have changed the history of a conversation to claim he or she had reached a false agreement with the victim, or it could have been used to aggressively spread malware by changing legit links into spammy ones. It could have even been used to affect legal or criminal investigations.

“These chats can be admitted as evidence in legal investigations and this vulnerability opens the door for an attacker to hide evidence of a crime or even incriminate an innocent person,” Check Point wrote in a blog post about the flaw.

The security company notified Facebook of the flaw earlier this month, and the social media giant promptly corrected it. Facebook also noted that the vulnerability only affected Messenger on Android, but that still means a ton of users could have fallen victim to this hack had it not been found.