Explorer
Not again! New bug in Facebook Messenger lets hackers see who you've had conversations with
A bug in Facebook Messenger allowed websites to gain access to users' data, including who they have been chatting with.
More than 1,500 apps built by 876 developers might have also been affected. (Image: AFP)
Bug in Facebook Messenger allowed websites to gain access to users' data
Facebook Messenger has over 1.3 billion users globally
This report suggests that the platform is not immune to vulnerabilities.
San Francisco: As Facebook CEO Mark Zuckerberg discussed making his platform more secure, a bug in Facebook Messenger allowed websites to gain access to users' data, including who they have been chatting with, say researchers. Now fixed by Facebook, the vulnerability in the web version of Messenger allowed any website to expose who you have been messaging, revealed Ron Masas, a researcher with cybersecurity company Imperva, in a blog post late on Thursday. The researcher reported the vulnerability to Facebook under their responsible disclosure programme and the social media platform mitigated the issue. In November 2018, Masas and his team discovered a Facebook bug that allowed websites to extract data from users' profiles via cross-site frame leakage (CSFL) which is known as a side-channel attack performed on an end user's web browser. "Browser-based side-channel attacks are still an overlooked subject. While big players like Facebook and Google are catching up, most of the industry is still unaware," wrote Masas. Facebook Messenger has over 1.3 billion users globally. Zuckerberg on Thursday said he is working to make Facebook "privacy-focused" like WhatsApp. The "privacy-focused platform" will be built around principles like private interactions, encryption, reducing permanence, safety and interoperability. Despite Zuckerberg's plan to make Facebook privacy-focused, the latest report suggests that the platform is not immune to vulnerabilities. In December 2018, Facebook admitted that about 6.8 million users might have put their private photos at risk of being exposed to third-party apps. The company said that more than 1,500 apps built by 876 developers might have also been affected by the bug that exposed users' unshared photos during a 12-day-period from September 13 to September 25, 2018. The social networking giant last year came under increased scrutiny of lawmakers around the world after several scandals surrounding security and privacy concerns surfaced.
Before You Go
Kolkata: TMC Alleges Security Breach Outside Strong Room at Sheikhawat Memorial School
Top Headlines
Election
Assembly Elections Result 2026: Timing, Date And Where To Watch 5 State Verdict
Cities
Delhi Fire Tragedy: Friend Recalls Victim’s Final Moments. What Did He Say?
Election
West Bengal Polls: Switched-Off Mobile, Raniganj Docs Found Near Asansol Strong Room
Cities
Kangra Accident: Bus Overturns Near Nurpur, 26 Hurt; Driver Heart Attack Suspected
See Today's Weather 
powered by
Personal Corner
Top Articles
Top Reels
Election
Assembly Elections Result 2026: Timing, Date And Where To Watch 5 State Verdict
Cities
Delhi Fire Tragedy: Friend Recalls Victim’s Final Moments. What Did He Say?
Election
West Bengal Polls: Switched-Off Mobile, Raniganj Docs Found Near Asansol Strong Room
Cities
Kangra Accident: Bus Overturns Near Nurpur, 26 Hurt; Driver Heart Attack Suspected
Cities
Man Opens Emergency Exit, Jumps Off Moving Air Arabia Flight At Chennai Airport
Election
Ahead of Vote Count, TMC Alleges Car With BJP Logo Entered Strongroom Without Checking
World
Trump Says He’ll Review Iran’s New Proposal, Warns Of US Strikes If Tehran 'Misbehaves'
Sports
Vinesh Phogat Identifies As Complainant In Alleged Sexual Harassment Case Against Brij Bhushan
