A hacker looking for a way to break into Facebook’s internal servers has found evidence of another intruder. The evidence consists of files found on an abandoned Facebook server, thought to be left there by another hacker.
In a blog post, Devcore security researcher Orange Tsai described the details on how he hacked the Facebook server and found someone’s backdoor script.
Tsai said: "While collecting vulnerability details and evidences for reporting to Facebook, I found some strange things on web log.
"The hacker created a proxy on the credential page to log the credentials of Facebook employees. These logged passwords were stored under web directory for the hacker to use WGET every once in a while."
Tsai discovered that there were about 300 logged credentials dated between February 1 to 7.
The researcher then alerted Facebook about the hack on 5 February. The social networking giant launched an internal investigation, which was completed on 20 April, allowing Devcore to publish the details of the hack.
In a statement on the Hacker News site, Facebook said it was pleased Tsai reported his findings.
"After incident response, we determined that the activity Orange detected was in fact from another researcher who participates in our bounty program. Neither of them were able to compromise other parts of our infra-structure."
Tsai won a $10,000 bug bounty from Facebook for identifying the vulnerable server.
In September 2013, an Indian electronics and communications engineer discovered a bug that can exploit the mobile version of Facebook’s support dashboard.
Facebook has, however, fixed the bug which allowed hackers to delete any image stored on the social networking website without the user’s knowledge.
In June 2014, security researchers discovered a Bitcoin mining Trojan that spreads through Facebook to infect computers to use the computing resources for mining cryptocurrency.
