Mark Zuckerberg and Facebook have had a tough year, and the crisis just doesn’t seem to end. The Senate hearing last year was just the beginning. Ever since then, the company has found itself in troubled waters again and again.
The latest in the series is a revelation about the Facebook messaging app called Messenger. In the new reports, it has been found that a bug apparently allowed users to see who they were texting on Messenger. The bug’s existence was detected in 2018 and it was fixed, but the information was never revealed to the public.
The shocking discovery comes just a few days after Zuckerberg assured the public that he wanted Facebook, and WhatsApp as an extension, to be a privacy-focused platform. The report had been disclosed by the security firm Imperva. It was revealed that the iframe bug on Messenger is the Achilles heel.
Using a third party CSFL (Cross-Site Frame Leakage) attack on iframes, hackers can detect whether a user has chatted with someone or not. If a Facebook user accessed a malicious website on his browser while still logged into Facebook, he would be susceptible to his personal data being extracted by hackers using the bug.
There is some reassurance though. The report revealed that hackers can only see if you have talked to someone or not, not what you talked about or when. The bug has since been patched, and iframes have been completely removed from Messengers.
The hack is just another in a long line of privacy violations and data mishandling problems Facebook has faced over the last couple of months. It will be interesting to note how Zuckerberg handles the privacy problems after his announcement last week to combine Messenger, WhatsApp, and Instagram through a single backend that is focused on privacy based communication.