A security researcher looking for vulnerabilities in Facebook’s corporate servers found precisely what he wanted. Unfortunately, he also discovered that at least two other people got there first and were in the process of attempting to steal login credentials from the world’s largest social media network.
Orange Tsui, a researcher with Taiwanese security company DEVCORE, conducted a penetration test against Facebook’s cybersecurity defences. He was mainly motivated by the bug bounty programme offered by Facebook, saying that the cash reward was very substantial.
While testing the defences and looking for a point of entry, Tsui discovered a series of strange scripts that didn’t look like they belonged on the server. It also looked like there were two sets of scripts, each attempting to perform a different function. Tsui is unsure whether the two attacks were perpetrated by different people or by a single attacker who kept trying new things.
Facebook users shouldn’t be too worried about the security breach. The attackers gained access to the corporate servers, which are separate from the actual social media network. However, it also means that someone managed to steal credentials that may provide access to Facebook’s email and internal VPN.
The company has already closed the backdoor that allowed the attackers to gain access to its servers, which is why Tsui made his findings public. In addition, the security researcher was awarded $10,000 (about RM39,000) for discovering the vulnerability.