“Now fixed, Facebook’s new bug allowed websites to dwell into the user’s private data, exposed with whom the person is chatting.”
About a couple of days ago, a new bug was found in the Facebook Messenger that allowed websites to gain access to private user data. The incident has raised a question mark on the Zuckerberg’s claim of making the social media platform more secure. However, the bug is fixed by Facebook’s team.
Ron Masas, a researcher from a cybersecurity company Imperva, had revealed this vulnerability in the web version of the Messenger. Precisely, the bug had allowed websites to dwell into a user’s private data, even exposing who you have been chatting with. The researcher divulges this in a blog post last Thursday and also reported it to Facebook under its responsible disclosure programme. Facebook had responded swiftly by assuaging the issue.
In last November, Masas and his team revealed a Facebook bug that allowed websites to extract users’ data via cross-site frame leakage (CSFL), which was a side-channel attack executed on an end user’s web browser. Prior to this, the company had reported that a security breach impacted its 30 million users. In this report, Facebook admitted that more than 1,500 apps built by 876 developers might have been affected by the ‘bug’ that even exposed users’ unshared photos during a 12-day-period from September 13 to 25.
Speaking about the Messenger, the messaging platform has over 1.3 billion users globally and about a week ago the social networking giant had started rolling out its Dark Mode both in iOS and Android versions to provide the users with an eye soothing chat experience in low light condition.