A hacker by the name of Orange Tsai, a self-described “penetration tester,” wrote in a blog post that he had discovered seven security vulnerabilities in Facebook’s servers, a few of which allowed him to take control of the social network’s servers by using a web shell.
“After taking control of the server successfully, the first thing is to check whether the server environment is friendly to you,” Tsai wrote. “To stay on the server longer, you have to be familiar with the environments, restrictions, logs, etc and try hard not to be detected.”
Looking around the server exposed some PHP error messages, which seemed to be caused by an unauthorized visitor who was also trying to modify web shells. This ultimately led Tsai to find that the other hacker had created a proxy on the credential page to log Facebook employees’ credentials. Be aware that Tsai isn’t a bad hacker and doesn’t want to steal any average Facebook user’s information. In fact, the other hacker didn’t even want users’ credentials, just the ones associated with FB workers.
Unfortunately, this hacker was able to get his hands on quite a handful of credentials:
“And at the time I discovered these, there were around 300 logged credentials dated between February 1st to 7th, from February 1st, mostly ‘@fb.com’ and ‘@facebook.com,’” Tsai wrote. “Upon seeing it I thought it’s a pretty serious security incident.”
During a thorough review of the captured logs, Tsai also discovered two different periods when the other hacker had access to Facebook’s servers: one at the beginning of July and one at some point in mid-September. This was ultimately when Tsai reported what was going on to the FB security team, and he stated that FB told him they were investigating the situation further.
He also said he was offered $10,000 as part of the bug bounty program and was asked not to disclose the exploit until Facebook completed its investigation on April 20th. This was done, and a FB spokesperson stated that the server vulnerability belonged to a third-party file-sharing platform the social network no longer operates. The spokesperson went on to say that Facebook was able to identify the other hacker, a security researcher who “was also participating in our bug bounty program and who was testing the same third party software.” The company has taken care of the issue and has since shut down the affected servers so that no more vulnerabilities were present.
Source: PCMag