Facebook has not had the best of times lately in terms of security. It is known that a new bug is discovered in one of Facebook's products almost every week. This has become so frequent that the company has lost a majority of its users in the US due to privacy issues.
Recently, Facebook CEO Mark Zuckerberg said that his company is working on making the platform more secure. Amidst that, a new bug in Facebook Messenger has been discovered that revealed private information about its users. The bug, discovered by a cyber-security researcher, leaked information about the profiles that users were chatting with on the platform.
Facebook Messenger’s latest bug reveals information about a person’s messaging contacts
The latest bug in Facebook Messenger was found in its web version. According to a security researcher named Ron Masas, this bug let websites gain access to users’ data, which included information about who they have been messaging.
According to Facebook’s Messenger team, the bug has been fixed now. However, the company did not reveal information about users affected by this bug. Now, the security researcher who discovered this bug is working with a cyber-security company called Imperva.
Masas says that the bug was first seen in November 2018. Since then, the bug has been present in Facebook Messenger’s web version. Masas has also revealed the details of the bug.
The security researcher says that he, along with his team, found this bug via cross-site frame leakage, commonly known as CSFL. This is a type of side-channel attack that an attacker performs on the end user's web browser.
With the CSFL attack on Facebook Messenger, attackers were able to extract information such as data from the user’s profile. The bug posed no threat to the user’s account, as passwords and other information were not accessible.
Masas further added in his blog post that:
Browser-based side-channel attacks are still an overlooked subject. While big players like Facebook and Google are catching up, most of the industry is still unaware
The timing of this discovery is notable because Facebook's CEO has been banking on privacy for his products. Earlier this week, Zuckerberg said that Facebook is working on becoming privacy-focused like WhatsApp. There is no word on this bug from the Facebook Messenger team as of now.