Follow real-time updates on Union Budget 2023Catch exclusive videos on Union Budget 2023 from CNBC-TV18
Now fixed by Facebook, the vulnerability in the web version of Messenger allowed any website to expose who you have been messaging, revealed Ron Masas, a researcher with cybersecurity company Imperva.
As Facebook CEO Mark Zuckerberg discussed about making his platform more secure, a bug in Facebook Messenger allowed websites to gain access to users' data, including who they have been chatting with, say researchers.
Recommended ArticlesView All
World Cancer Day 2023: Early detection is crucial for reducing the global burden
Feb 4, 2023 IST5 Min(s) Read
World Cancer Day 2023: A way forward to better management of cancer this year!
Feb 4, 2023 IST6 Min(s) Read
Pakistan economy at alarming level as foreign reserves drop to $3.1 billion from $16.6 billion in a year
Feb 3, 2023 IST3 Min(s) Read
FM Nirmala Sitharaman speaks on inflation, taxes, GDP and more. Read the full interview here
Feb 3, 2023 IST37 Min(s) Read
Now fixed by Facebook, the vulnerability in the web version of Messenger allowed any website to expose who you have been messaging, revealed Ron Masas, a researcher with cybersecurity company Imperva, in a blog post late on Thursday.
The researcher reported the vulnerability to Facebook under their responsible disclosure programme and the social media platform mitigated the issue.
In November 2018, Masas and his team discovered a Facebook bug that allowed websites to extract data from users' profiles via cross-site frame leakage (CSFL) which is known as a side-channel attack performed on an end user's web browser.
"Browser-based side-channel attacks are still an overlooked subject. While big players like Facebook and Google are catching up, most of the industry is still unaware," wrote Masas.
Facebook Messenger has over 1.3 billion users globally.
Zuckerberg on Thursday said he is working to make Facebook "privacy-focused" like WhatsApp.
The "privacy-focused platform" will be built around principles like private interactions, encryption, reducing permanence, safety and interoperability.