
Facebook’s Corporate Network Hacked

Sunday, October 23rd, 2016

Although Facebook is one of the giants of the internet, it seems its infrastructure is not immune to online security breaches and threats. This was demonstrated recently when a researcher managed to hack into the company’s corporate network and discovered that another group of hackers had been siphoning off Facebook employees’ user credentials for several months. The discovery is not only embarrassing for the social media giant but also raises serious questions about the security practices followed by the company.

The breach was discovered by the researcher Orange Tsai (who works for Taiwanese security firm Devcore) in the first week of February 2016. He relied on penetration testing methodology and third-party software developed by Accellion to infiltrate Facebook’s corporate network. After Tsai managed to breach the network, he discovered a file-transfer backdoor already installed in it, which was being used by one or more hackers to steal the employees’ user credentials. According to media reports, the backdoor was probably installed in July 2015 (when hackers were targeting Facebook’s infrastructure) and was being used until at least February 2016. Tsai reported the breach to Facebook and was awarded $10,000 under the company’s bug bounty program.

According to Tsai, the hackers had installed a proxy on the user credentials screen to log the employees’ username/password details. The stolen credentials were stored in a directory and could be accessed by the hacker(s) at any time. While infiltrating the network, Tsai stumbled across a list of 300 userid/password credentials that had logged into the network between 1st and 7th February 2016. These records were mostly from the domains fb.com and facebook.com, indicating the seriousness of the breach. Apart from the list of userids/passwords, Tsai also discovered seven other vulnerabilities within the company’s corporate network.

As well as allowing the hackers to log into the company’s network, the stolen credentials could also have been used to access the employees’ email accounts, Facebook’s VPN, and other tools and technologies that are available only to the company’s employees. Since Facebook stores corporate and user data on separate servers, it is assumed that the user data of millions of Facebook users was never at risk. However, if an employee had authorization to access user data and that employee’s credentials were compromised, then the hackers would have gained access to user data as well.

Despite the severity of the threat, Facebook has stated that its employees’ data was never compromised. The company’s spokesman said that the other hacker was also a security researcher who was discovering loopholes in the company’s network, and that neither researcher was able to infiltrate other parts of the company’s corporate network. The spokesman also said that the threats were discovered on networks that were totally isolated from the networks being used by Facebook users. However, security researchers remain unconvinced, and some of them have voiced concerns regarding the nature of the security threats that were discovered. Security experts have also advised Facebook to move to a more secure login system instead of relying on the age-old username/password-based login system.
