Facebook Messenger sticks to a vulnerability that exposes users' contacts

Imperva security team recently announced a security vulnerability on Facebook Messenger that can be exploited by hackers to view the victim's Facebook account list via web browser and iframe (one card in web programming).

According to security experts, with this attack hackers do not get any more data than the user's contact information.

Facebook Messenger sticks to a vulnerability that exposes users' contacts Picture 1
Photo: Threatpost.

Imperva sent a notice about this vulnerability to Facebook and made suggestions for corrections by adjusting the iframe element. However, security experts also added that this is only a temporary treatment but cannot overcome the problem completely.

After receiving information about the vulnerability, Facebook completely deleted the iframe from Messenger.

In recent times, Facebook has been in constant trouble and has been criticized for violating privacy. The most prominent one is the Cambridge Analytica scandal reported in March 2018 and the millions of Facebook users leaked data in October last year.

According to recent information, Facebook is planning to merge Messenger, WhatsApp and Instagram into a unified service. This makes users and professionals worry about the privacy of this social network.