If you are a regular on Facebook Messenger, you may want to know this. The Messenger has apparently been found infected with a bug that allows websites to gain access to users’ data (once again).
Though Facebook has now apparently fixed the bug, according to cybersecurity firm Imperva, who reported the bug first, the vulnerability in the chat app allowed any website to expose who you have been messaging. However, it is to be noted, that this issue was found only on the web version of the app.
“When the current user has not been in contact with a specific user, the iframe count would reach three and then always drop suddenly for a few milliseconds. This lets an attacker reliably distinguish between the full and empty states. This could let him remotely check if the current user has chatted with a specific person or business, which would violate those users’ privacy,” the blog reads.
Last year in November, another such bug was spotted on the chat app, which resurfaced old message threads on the app without context. These messages were being shown as new, unread ones.
The Messenger bug has been reported just days after Mark Zuckerberg said that he aims to make the chat app into a “privacy-focused” app. Clearly, the app isn’t immune to vulnerabilities, at least yet.