A loophole in Facebook allows the hacker to know the users Messenger contacts
A group of security researchers found a new loophole in the Facebook network, but this time it is specific to the messenger service and not the entire network. This vulnerability helps hackers to know which user’s contacts and which conversations they are in.
According to a group of researchers from the Imperva company specializing in cyber security, which revealed the gap, the hacker can take advantage of the loophole by penetrating the user’s Facebook page on the browser, and then divide the interface into frames, and thus enable him to know which person is By talking to them and any of the people does not do this next to them on their contact list.
The invention can take place when the user enters a malicious Web site and is still browsing Facebook via Chrome browser, but as the security group has confirmed, no additional data can be obtained from the loophole.
Imperva also said she discovered the gap a year ago and reported it to Facebook, so the company changes the HTML content and site frames when it opens, but even then the hacker can take advantage of the loophole.