A Facebook Messenger bug may have exposed who you were chatting with


Facebook’s got pretty bad luck with privacy — even in cases where it isn’t their fault.

Security company Imperva has disclosed a new vulnerability that allowed an attacker to learn who a user had been chatting with on Facebook Messenger.

The exploit required tricking the user into visiting a malicious site. Once that site was open, it would open a second tab in the background and carry out the attack while the user was occupied, however briefly.

Imperva’s blog goes on to explain:

The new tab would start playing a video, keeping the user busy while we load the user messenger conversation endpoint in the background tab. While Messenger loads in the background, we record the iframe count as I previously explained, allowing us to detect whether or not the current user has been in contact with specific users or Facebook Messenger bots.

Facebook fixed the issue as soon as it was made aware of it, but other sites and services remain vulnerable for now.

“The issue in his report stems from the way web browsers handle content embedded in webpages and is not specific to Facebook,” a Facebook spokesperson told Gizmodo in response to a query. “We’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from happening in other web applications, and we’ve updated the web version of Messenger to ensure this browser behavior isn’t triggered on our service.”
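The leak described above works because a cross-origin page that opens (or frames) another page keeps a window handle through which it can read the victim's frame count. The following is an added example, not code from the article, from Imperva's write-up or from Facebook: a small Node.js function that audits one HTTP response's headers for the browser-side protections that cut that handle off. The Cross-Origin-Opener-Policy header it looks for is a browser mechanism introduced after this report and is assumed here as the general mitigation for opener-based leaks, not as the change Facebook made; the anti-framing check covers the same count being taken through an iframe instead of a tab. The header sets at the bottom are constructed sample inputs.

```javascript
// Added example (not from the article, Imperva or Facebook). Audits a response's
// headers for the two browser-side protections against cross-origin frame
// counting:
//   1. Cross-Origin-Opener-Policy (COOP): any value other than the default
//      "unsafe-none" places the page in its own browsing context group when a
//      cross-origin page opens it, so the opener's handle no longer exposes
//      window.length (the frame count).
//   2. An anti-framing policy (CSP frame-ancestors, or X-Frame-Options as a
//      fallback), which stops a cross-origin page embedding the victim and
//      counting frames through the iframe's contentWindow instead.
// Assumed input: a plain object mapping header name -> value (header names are
// case-insensitive, as in HTTP). Returns { ok, findings }.

function auditFrameLeakHeaders(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];

  // 1. Opener isolation via COOP.
  const coop = (h['cross-origin-opener-policy'] || 'unsafe-none').toLowerCase();
  if (coop !== 'same-origin' && coop !== 'same-origin-allow-popups') {
    findings.push('missing Cross-Origin-Opener-Policy: a cross-origin opener keeps a live window reference');
  }

  // 2. Framing restriction. Prefer the CSP frame-ancestors directive; fall
  //    back to X-Frame-Options when CSP does not set one.
  let framingRestricted = false;
  const csp = h['content-security-policy'] || '';
  const directive = csp
    .split(';')
    .map((d) => d.trim())
    .find((d) => d.toLowerCase().startsWith('frame-ancestors'));
  if (directive) {
    const sources = directive.split(/\s+/).slice(1).map((s) => s.toLowerCase());
    // 'none' or a self-only allow-list keeps cross-origin framers out; any
    // third-party origin in the list means that origin could still count frames.
    framingRestricted =
      sources.length > 0 && sources.every((s) => s === "'none'" || s === "'self'");
  } else {
    const xfo = (h['x-frame-options'] || '').toUpperCase();
    framingRestricted = xfo === 'DENY' || xfo === 'SAMEORIGIN';
  }
  if (!framingRestricted) {
    findings.push('no frame-ancestors / X-Frame-Options restriction: page can be embedded cross-origin');
  }

  return { ok: findings.length === 0, findings };
}

// Constructed sample header sets: a response with no protections, and one
// that carries both.
const WEAK_HEADERS = { 'Content-Type': 'text/html' };
const HARDENED_HEADERS = {
  'Content-Type': 'text/html',
  'Cross-Origin-Opener-Policy': 'same-origin',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
};

console.log('weak:', auditFrameLeakHeaders(WEAK_HEADERS));
console.log('hardened:', auditFrameLeakHeaders(HARDENED_HEADERS));
```

Headers alone do not make the count meaningless: a service can also make sure, as Facebook's statement describes, that the number of frames on a page does not vary with private state. The audit above only tells you whether a cross-origin page could still obtain the count at all.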

You can read about the full vulnerability in the source link below.

Source: Imperva, via Gizmodo
