Graham Cluley writes:
A security researcher has revealed details of a flaw in Facebook Messenger that made it possible for “any website to expose who you have been messaging with.”
Imperva’s Ron Masas, who in the past has identified a bug that allowed unauthorised websites to view Facebook users’ location histories, likes and interests, discovered the flaw in the web version of Facebook Messenger.
Masas discovered a way of exploiting the Messenger website’s use of iFrames to determine who users had been chatting with.
Read more on GrahamCluley.com.