Friday, October 4, 2024

Critical bug allows to read all your Private Chats of Facebook Messenger by hackers

Facebook Messenger is one of the network’s most popular features, with 1-billion active monthly users. Unlike the photo and status features, which are designed for sharing and publishing, the power of Messenger lies in the ability to communicate privately.

A security vulnerability was found on Facebook which also potentially affects millions of websites that rely on origin-null restriction checks, threatening user privacy and exposing site visitors to malicious entities.

“The hack, dubbed ‘Originull,’ enables an attacker to access and view all of a user’s private chats, photos and other attachments sent via Facebook Messenger. The issue was discovered and reported to Facebook by team researcher Ysrael Gurt. (Facebook has since fixed the flawed component.)”


“The vulnerability discovered is a cross-origin bypass attack which allows the hacker to use an external website to access and read a user’s private Facebook messages.”

Normally, the browser protects Messenger users from such occurrences by only allowing Facebook pages to access this information. However, Facebook opens a “bridge,” in order to enable “subsites” of Facebook.com to access Messenger information.

A vulnerability in the manner in which Facebook manages the identity of these subsites makes it possible for a malicious website to access private Messenger chats.
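To make the subsite "bridge" concrete, here is an added example (not BugSec's or Facebook's code, with hypothetical example.com hostnames) of an origin check for such a bridge in a weak form, which trusts the "null" origin that a sandboxed iframe or data: URL reports, beside a hardened exact-allowlist form:

```javascript
// Added example, not code from BugSec or Facebook. Hostnames are hypothetical.
// A "bridge" that hands Messenger-like data to trusted subsites must decide
// trust from the browser-supplied origin string. Two ways to do that:

// Weak check: substring match plus an explicit pass for the "null" origin
// (what a sandboxed iframe or a data: URL reports), so an attacker-controlled
// page can satisfy it without controlling any *.example.com host.
function weakIsTrustedOrigin(origin) {
  if (origin === "null") return true;
  return origin.indexOf("example.com") !== -1;
}

// Hardened check: exact allowlist of scheme://host[:port]; "null" is never
// trusted and no substring or suffix matching is done.
const TRUSTED_ORIGINS = new Set([
  "https://www.example.com",
  "https://messenger.example.com",
]);

function isTrustedOrigin(origin) {
  return typeof origin === "string" && TRUSTED_ORIGINS.has(origin);
}

// Receiver-side handler for window "message" events. It returns the data it
// released (null when the request was refused) so the decision can be tested,
// and replies to the verified origin rather than "*".
function makeBridgeHandler(checkOrigin, privateChats) {
  return function onMessage(event) {
    if (!checkOrigin(event.origin)) return null;
    event.source.postMessage({ chats: privateChats }, event.origin);
    return privateChats;
  };
}

// Constructed stand-in for a browser MessageEvent, so this runs under Node.
function fakeEvent(origin) {
  return { origin, source: { postMessage() {} } };
}

// Sample private data (constructed).
const CHATS = ["hi", "see you at 6"];
const weakBridge = makeBridgeHandler(weakIsTrustedOrigin, CHATS);
const strictBridge = makeBridgeHandler(isTrustedOrigin, CHATS);

console.log(weakBridge(fakeEvent("null")));                              // [ 'hi', 'see you at 6' ]
console.log(strictBridge(fakeEvent("null")));                            // null
console.log(weakBridge(fakeEvent("https://example.com.attacker.test"))); // [ 'hi', 'see you at 6' ]
console.log(strictBridge(fakeEvent("https://messenger.example.com")));   // [ 'hi', 'see you at 6' ]
```

The same rule applies server-side: a CORS policy must never echo an `Origin: null` request header back as `Access-Control-Allow-Origin: null` on a credentialed response.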

[Image caption] The chat appears on the BugSec website. The user ID is shown to the left.

For example, if the user opens a website to which the hacker has directed them (via a malicious ad, a security issue, or the hacker’s own website), the hacker can then see all the Facebook Messenger chats, photos and other attachments which the user sends or receives.

This happens even if the user sends the messages by way of another computer, or from their personal mobile device!

“This security flaw meant that the messages of 1-billion active monthly Messenger users were vulnerable to attackers,” said Stas Volfus, Chief Technology Officer of BugSec.

Watch the Facebook Messenger Originull video:

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
