Bug in Facebook Messenger showed hackers conversation partners
The messaging service Messenger of Facebook contained a vulnerability whereby hackers could find out with which people have chatted victims. Researchers from the internet security company Imperva discovered this, The Verge reports.
Users were vulnerable if they visited a malicious web page with a logged in Facebook account in the Chrome web browser. Through a different tab, malicious parties could then retrieve the information about interlocutors.
The bug is similar to an error that came in the news in November. With this vulnerability in the Facebook websites, malicious parties were able to retrieve information about users.
The bug in Messenger only gave malicious people the opportunity to find out the victims’ conversation partners, not to read the content of the chats.
The bug was reported to Facebook by Imperva in May, after which the company closed the vulnerability. It is unclear whether the vulnerability has actually been abused.