A security researcher has discovered a critical vulnerability in Facebook Messenger that could allow an attacker to read all your private conversation. The flaw affects around 1 Billion Messenger users, affecting the privacy of around 1 billion users. The vulnerability actually lies in the fact that Facebook chats are managed from a server located at {number}-edge-chat.com, which is separate from Facebook’s actual domain (www.facebook.com) The root of this issue was misconfigured cross-origin header implementation on Facebook’s chat server domain.
Source: https://thehackernews.com/2016/12/hack-facebook-messenger-chats.html