
Threatwatch

Unauthorized Entity Entered a Backdoor in Facebook’s Code

Stolen credentials; Unauthorized use of system administrator privileges; Software vulnerability

One good-guy hacker recently detected a server-side vulnerability that had not only existed for months, but that apparently had been successfully exploited by someone else multiple times.

In a blog post, a self-described "penetration tester" going by the moniker Orange Tsai found seven vulnerabilities, a few of which enabled him to take control of Facebook's servers.

In doing so, he found some PHP error messages that seemed to be caused by the unauthorized visitor. The other user apparently created a proxy on the credential page to steal the credentials of Facebook employees.

"And at the time I discovered these, there were around 300 logged credentials dated between February 1st to 7th, from February 1st, mostly '@fb.com' and '@facebook.com,'" Tsai wrote. "Upon seeing it I thought it's a pretty serious security incident."

Tsai alerted Facebook's security team to his findings in early February, and said he received confirmation that Facebook would inspect the vulnerability.

He said he was asked not to disclose the exploit until Facebook completed its investigation on April 20.

Shortly after Tsai published his post, someone purportedly from Facebook's security team posted in a forum that the company was "really glad Orange reported this to us."

Sector: Social Media

Reported: April 25, 2016

Reported by: PC Magazine

Number affected: Unknown

Location of breach: Unknown

Perpetrators: Unknown

Location of perpetrators: Unknown

Date breach occurred: Beginning of July 2015; Mid-September 2015

Date breach detected: Early February 2016