Facebook Messenger bug exposed users' data including private chatting

New Delhi : While Facebook CEO Mark Zuckerberg promises to make his social media platform more secure than before, a bug in the Facebook Messenger allows websites to gain access to users' data, including the private chatting details, say researchers. Though, the bug has been fixed by Facebook, the vulnerability in the web version of Messenger allowed any website to expose who you have been messaging, revealed Ron Masas, researcher with cyber security company Imperva, in a blog post on Thursday.

The researchers question about the vulnerability to Facebook under their responsible disclosure programme and the social media platform mitigated the issue. Earlier in November 2018, the team has discovered a Facebook bug that allowed websites to extract data from users' profiles via cross-site frame leakage (CSFL) which is known as a side-channel attack performed on an end user's web browser.

"Browser-based side-channel attacks are still an overlooked subject. While big players like Facebook and Google are catching up, most of the industry is still unaware," wrote Masas, the lead researcher. 

To inform, Facebook Messenger has over 1.3 billion users globally. Lately, in a press meet, Zuckerberg said he is working to make Facebook "privacy-focused" like WhatsApp. The "privacy-focused platform" will be built around principles like private interactions, encryption, reducing permanence, safety and interoperability.