Facebook security breach exposes accounts of 50 million

     

Penetration testing unearths backdoor installed on Facebook’s company servers had been logging employee credentials and exposing security


*

It is unknown whether Facebook employee credentials could have given the hackers access to lớn Facebook user data. Photograph: Thomas Trutschel/Photothek via Getty Images
It is unknown whether Facebook employee credentials could have sầu given the hackers access to Facebook user data. Photograph: Thomas Trutschel/Photothek via Getty Images

Hackers gained entry to Facebook’s internal corporate network for several months, with access to hundreds of the social network’s employee usernames and passwords.

Bạn đang xem: Facebook security breach exposes accounts of 50 million

The hackers, which were actively exploiting Facebook’s network in July và September last year và possibly as recently as February this year, were discovered by a security researcher performing penetration testing on Facebook’s corporate network.

Having discovered seven security vulnerabilities with Facebook’s corporate tools, including a tệp tin transfer service, Devcore security researcher Orange Tkhông nên found that at least one hacker, possibly two, had compromised Facebook and were operating within its corporate network.

Tsai said: “While collecting vulnerability details and evidences for reporting khổng lồ Facebook, I found some strange things on website log.

Xem thêm: Coffee House Rạch Bùng Binh Đã, The Coffee House

“The hacker created a proxy on the credential page to log the credentials of Facebook employees. These logged passwords were stored under web directory for the hacker to use every once in a while.”


*

Logged Facebook employee credentials could have given the hackers access to gmail accounts, Facebook’s virtual private network & other company tools. Photograph: Jonathan Nackstrand/AFP/Getty ImagesAccording khổng lồ Tkhông nên, the logged Facebook employee credentials could have sầu given the hackers access to gmail accounts, Facebook’s virtual private network and other company tools. Facebook user data is stored separately lớn its corporate network; it is unknown whether the right Facebook employee credentials could have given the hackers access to Facebook user data.

Tsai said: “At the time I discovered these, there were around 300 logged credentials dated between 1–7, from 1 February, mostly ‘
fb.com’ and ‘
facebook.com’. Upon seeing it I thought it was a pretty serious security incident.”

The penetration testing – a series of attempts by security researchers to lớn find & report holes in a site or service’s cyber security – was conducted as part of Facebook’s Bug Bounty, which sees the social network pay people who find và disclose vulnerabilities to lớn the company.

Facebook was alerted to lớn the haông chồng on 5 February by Tkhông đúng. The company launched an internal investigation, which concluded on đôi mươi April, allowing Devcore lớn publish the details of the hachồng.

Xem thêm: Quảng Cáo Facebook Là Gì? Báo Giá Dịch Vụ Facebook Marketing

Commenting on tin tặc News, a Facebook security team member called Reginalvị said: “On this case, the software we were using is third các buổi tiệc nhỏ. As we don’t have sầu full control of it, we ran it isolated from the systems that host the data people chia sẻ on Facebook. We do this precisely to lớn have better security.

“We determined that the activity Orange detected was in fact from another researcher who participates in our bounty program. Neither of them were able lớn compromise other parts of our infra-structure.”