Facebook is not acclaimed as the best company when it comes to security. We have also seen that the company is found out to have a lot of bugs recently. Earlier this year, Facebook’s bug revealed photos of close to its 6.8 million users. Now, we have reports about a new bug which has been found inside Facebook Messenger this time. The latest bug present in Facebook’s messaging platform let out the user’s account data. This information also includes data such as who the person is chatting with.
This means that the bug was able to access quite a lot of information. Because this bug can be used to target or even blackmail users regarding users they are chatting with. Now, this bug was found out by a security researcher named Ron Masas. He is known to be working with a cyber-security company named Imperva. Ron, along with his team, found out about this bug during their research.
He also reveals that the bug has been present inside Facebook’s flagship messaging platform since November 2018. Ever since the bug has come into the public eye, Facebook’s Messenger team has fixed it. Also, the company has not revealed any details about users, if any, who are affected by this bug.
As for the details of this bug, Ron reveals that they found this bug with the help of CSFL or cross-site frame leakage. It is known to be a type of side-channel attack performed by hackers on a user’s browser. Along with this, Ron Masas has published a blog post regarding this bug as well.
In his blog post, Masas says that “Browser-based side-channel attacks are still an overlooked subject. While big players like Facebook and Google are catching up, most of the industry is still unaware,”. Recently, Facebook CEO also said that they are working towards making Facebook “privacy-focused”.