A bug in the web version of Facebook Messenger could have exposed who you've been chatting with on the platform. This comes in the wake of Facebook CEO Mark Zuckerberg's speech about how messaging is the future of Facebook.
Security researcher Ron Masas discovered the flaw and privately reported it to Facebook. The social network subsequently fixed the bug.
An attacker could have exploited the bug by simply tricking a Messenger user into visiting a malicious site, then getting them to click anywhere on the page, for example by pressing play on a cute cat video.
Masas had previously noticed a similar Facebook bug last year, in which data thieves could see private posts you and your friends have liked. The bug worked by analyzing iframes. Iframes are the HTML elements used to embed content such as YouTube videos on pages. Facebook Messenger loaded a specific number of iframes in the browser for conversations people have had on the web version.
To correct the bug, Facebook removed all iframes from the Messenger user interface.
In a statement on Friday, March 8, 2019, the company said it wasn't technically a Messenger bug. It explained that the bug was just a browser issue related to how content embedded in webpages was handled, and that it could have affected any site. The company had already fixed the issue in Messenger last year to safeguard users and made recommendations to browser makers to prevent its recurrence.