Even a tech giant like Facebook is not immune to significant security breaches. At the site devco.re was published data showing that someone has installed a backdoor in one of the corporate servers of Facebook in an attempt to gain information about employees. Although it is not clear how successful was this course of hackers.
There were two periods that the system was obviously operated by the hacker, one in the beginning of July and one in mid-September
Thanks to this backdoor hackers were able to check e-mail of employees, or even connect to virtual private network on Facebook, to gain access to internal projects.
This incident shows that Facebook is a desirable target for hackers and the company not always can protect herself.
After adequate proofs had been collected, they were immediately reported to Facebook Security Team. Other than vulnerability details accompanying logs, screenshots and timelines were also submitted xD
Also, from the log on the server, there were two periods that the system was obviously operated by the hacker, one in the beginning of July and one in mid-September.
The July one seemed to be a server “dorking” and the September one seemed more vicious. Other than server “dorking” keyloggers were also implemented. As for the identities of these two hackers, were they the same person? Your guess is as good as mine. 😛
The time July incident happened to take place right before the announcement of CVE-2015-2857 exploit. Whether it was an invasion of 1-day exploitation or unknown 0-day ones were left in question.