What began as a simple bug bounty hack has led to a surprising discovery: a white-hat hacker has found a backdoor on Facebook’s corporate server that was configured to steal Facebook employees’ login credentials.
The backdoor was found by DEVCORE security researcher Orange Tsai. While scanning Facebook’s IP address space, he came across the files.fb.com domain, which was hosting a vulnerable version of the Secure File Transfer application (FTA) made by Accellion. This FTA application was used by Facebook employees for file sharing and collaboration purposes.
After identifying the vulnerabilities in the FTA and gaining access to Facebook’s server through them, Tsai started analyzing the log information. This is when he spotted a PHP-based backdoor, known as a PHP web shell, installed on the server by a presumably malicious hacker.
Tsai has since informed Facebook about the backdoor, and it has been closed. He has also been awarded USD 10,000 for his troubles. As for the rest of us, there is no need to worry: the backdoor affects only Facebook’s corporate server, meaning no private user data was leaked through it.
Source: The Hacker News, DEVCORE blog