Facebook security team discovered that a blackhat hacker has breached into its server and installed a backdoor that was designed to steal login information of Facebook Employees.
Secret Backdoor Installed on Facebook By Hacker To Steal Passwords
However, Facebook user accounts are not affected by this breach as the backdoor is found in the Facebook’s corporate server, and not on its main server. The company would have never noticed the backdoor, the whitehat hacker had never found the backdoor script while looking for vulnerabilities.
Security consultant, Orange Tsai with Taiwanese penetration testing outfit Devcore, had beginned by mapping Facebook’s online products. While doing this, one server grasped his attention which was files.fb.com, which hosted a secure file transfer application made by enterprise software vendor Accellion and was probably used by Facebook employees for the purpose of file sharing and collaboration.
Tsai examined the application and discovered seven vulnerabilities including two remote code execution ones. He utilized the vulnerabilities to obtain access to Facebook’s corporate server and he started collecting details from its logs in order to make report from the Facebook’s security team.
He spotted some strange errors in the server’s log in the PHP based backdoor known as PHP Web shell that had been possibly installed on the server by a malicious hacker.
Tsai reported all his findings to Facebook and he was later awarded $10,000 bug bounty and he launched its own forensic investigation that was completed this month, permitting him to reveal the vulnerabilities responsibly.