Facebook servers were hacked recently to steal workers' log-in credentials through a backdoor script. The hack succeeded and might have opened the door to unlimited advantages had a security researcher not identified it in time.
The world's leading social networking giant admitted that its servers were hacked, but denied the news that critical info was leaked in the process. To be clear, the incident did not affect Facebook users, because the script was installed on the corporate server and not on the primary server.
The backdoor script was identified by a whitehat hacker named Orange Tsai, who works as a security researcher for the Taiwanese security vendor 'Devcore'. He discovered the script accidentally while looking for online bugs that could earn him some cash.
The identification process started when Tsai looked into a Facebook IP address that directed him to the domain files.fb.com. That domain was hosting a vulnerable installation of Accellion's Secure File Transfer application (FTA), which Facebook employees used for communication and file sharing. Tsai then investigated the vulnerable FTA and found a total of seven bugs. He then used those discoveries to access the Facebook server.
Once he was able to get through, Tsai began looking into the existing log data on the Facebook server. He compiled it all in a report and, in the process, detected a PHP-based backdoor, known as a PHP web shell, that had potentially been set up by a hacker on the Facebook server.
Tsai gathered all the valid proof and mailed it to Facebook's security team, which in turn rewarded him with $10,000 and also initiated its own forensic analysis.