A previously reported Facebook vulnerability was similarly found in the company’s Messenger product, according to security research group Imperva. Nearly a year ago, Imperva researchers discovered that, through Messenger, a hacker could use “any website to expose who you have been messaging with.” The bug was disclosed to Facebook in November and subsequently patched.
Hackers could target a Facebook user’s web browser and exploit iframe elements to see which friends the user had talked to and which were not in the user’s contact list. Imperva confirmed the hackers couldn’t gain any other data from the attack.
Like the vulnerability in Facebook reported last November, Messenger users would have been vulnerable if they visited a malicious...