Penetration testing unearths backdoor installed on Facebook’s company servers had been logging employee credentials & exposing security
It is unknown whether Facebook employee credentials could have given the hackers access khổng lồ Facebook user data. Photograph: Thomas Trutschel/Photothek via Getty Images
It is unknown whether Facebook employee credentials could have given the hackers access to Facebook user data. Photograph: Thomas Trutschel/Photothek via Getty Images
Hackers gained entry khổng lồ Facebook’s internal corporate network for several months, with access to lớn hundreds of the social network’s employee usernames & passwords.
Bạn đang xem: Hack fb likes and comments
The hackers, which were actively exploiting Facebook’s network in July và September last year and possibly as recently as February this year, were discovered by a security researcher performing penetration testing on Facebook’s corporate network.
Having discovered seven security vulnerabilities with Facebook’s corporate tools, including a file transfer service, Devcore security researcher Orange Tkhông nên found that at least one hacker, possibly two, had compromised Facebook & were operating within its corporate network.
Tsai said: “While collecting vulnerability details và evidences for reporting to Facebook, I found some strange things on web log.
Xem thêm: Những Cầu Thủ Chạy Nhanh Nhất Thế Giới, Bất Ngờ Vị Trí Số 1
“The hacker created a proxy on the credential page khổng lồ log the credentials of Facebook employees. These logged passwords were stored under website directory for the hacker to use
Logged Facebook employee credentials could have given the hackers access to tin nhắn accounts, Facebook’s virtual private network và other company tools. Photograph: Jonathan Nackstrand/AFP/Getty ImagesAccording lớn Tkhông nên, the logged Facebook employee credentials could have given the hackers access khổng lồ gmail accounts, Facebook’s virtual private network and other company tools. Facebook user data is stored separately to its corporate network; it is unknown whether the right Facebook employee credentials could have sầu given the hackers access to Facebook user data.
Tkhông nên said: “At the time I discovered these, there were around 300 logged credentials dated between 1–7, from 1 February, mostly ‘
fb.com’ và ‘
facebook.com’. Upon seeing it I thought it was a pretty serious security incident.”
The penetration testing – a series of attempts by security researchers to lớn find và report holes in a site or service’s cyber security – was conducted as part of Facebook’s Bug Bounty, which sees the social network pay people who find và discchiến bại vulnerabilities khổng lồ the company.
Facebook was alerted lớn the haông xã on 5 February by Tkhông đúng. The company launched an internal investigation, which concluded on trăng tròn April, allowing Devcore khổng lồ publish the details of the hack.
Xem thêm: Kể Chuyện Cổ Tích Việt Nam Cho Bé, Truyện Cổ Tích
Commenting on tin tặc News, a Facebook security team member called Reginalbởi said: “On this case, the software we were using is third buổi tiệc nhỏ. As we don’t have full control of it, we ran it isolated from the systems that host the data people cốt truyện on Facebook. We bởi this precisely khổng lồ have sầu better security.
“We determined that the activity Orange detected was in fact from another researcher who participates in our bounty program. Neither of them were able to lớn compromise other parts of our infra-structure.”
Chuyên mục: Công nghệ