Hackers Installed Backdoor Script On Facebook Server To Steal Workers' Login Credentials

Rina Marie Doctor, Tech Times 24 April 2016, 11:04 pm

Hackers were able to install a backdoor script on Facebook's corporate server to steal workers' login credentials.

Facebook is undeniably one of the biggest web companies in the world. For hackers, it is a dream to hack through the system of companies like Facebook and open doors of unlimited advantageous possibilities such as earning big through bug bounty programs.

Backdoor Script Installed

Facebook was able to discover that malicious hackers were able to penetrate into the company's server and installed a backdoor that aims to steal the login credentials and details of Facebook employees.

To make it clear, the said action did not affect Facebook users because the script was installed into the corporate server and not on the primary server, the main door.

How Did Facebook Find Out About The Backdoor Script?

The bug was detected and taken care of, all thanks to a whitehat hacker named Orange Tsai.

Tsai is a security researcher working for Taiwanese security vendor DEVCORE. He discovered the script accidentally while looking for bugs, which could make him earn some cash.

Tsai's Tactics

Tsai looked into the IP address of Facebook that directed him to the domain files.fb.com. The said domain was moderating a susceptible account of Accellion's Secure File Transfer application (FTA) and was used by Facebook employees for communication and file sharing.

Tsai then investigated the vulnerable FTA and found a total of seven bugs. He then used those discoveries to access the server of Facebook.

When Tsai was able to get through, he began looking into the existing log data on the server of Facebook. He compiled them all in a report and in the process, was able to detect a PHP-based backdoor, known as PHP Web Shell that had potentially been set up by a hacker on the Facebook server.

"After adequate proofs had been collected, they were immediately reported to Facebook Security Team," writes Tsai. "Other than vulnerability details accompanying logs, screenshots and timelines were also submitted."

Facebook gave Tsai $10,000 as a reward. The company also established its own forensics analysis, enabling Tsai to reveal the susceptibilities in a responsible manner.