Did Facebook’s Backdoor Hack Put Consumers At Risk?

A new report suggests that Facebook’s security may not be as good as it appears.

As part of Facebook’s bug bounty program, professional hackers were brought in to see if there were vulnerabilities in its system by seeking out bugs. But, as it turns out, Facebook had already been hacked with malware via a backdoor hack.

The bug bounty hunter, Orange Tsai, was reportedly the one to discover this. This Devcore cybersecurity expert reportedly found what’s known as a malicious web shell that may have enabled hackers to access Facebook employees’ information. As for the rest of its security protocols? No report on that yet. It’s also unknown how widespread the malware was in Facebook’s network.

Tsai’s work also got him $10,000 from Facebook for catching the malware in the system. This was apparently discovered by him back in February, but the professional hacker just reported on it in a blog post.

And, according to recent reports on this discovery, Reginaldo Silva, Facebook’s security engineer, reported that the malware had been inserted into its network from another security expert reportedly looking for a bug bounty. But instead, that hacker apparently used it to enable malware to get into the system.

“In this case, the software we were using is the third party. As we don’t have full control of it, we ran it isolated from the systems that host the data people share on Facebook,” Silva was quoted as saying.

While the issue appears to have been taken care of now, the attack may have intruded into Facebook employees’ emails or even breached Facebook’s private network to gain insider company details. But from all accounts, those issues seem to have been taken care of.

Why Tsai waited to report the issue is because Facebook had to review the issue before he was allowed to publicly discuss the matter. And because the backdoor access does not exist anymore, the threat (at least, for now) appears to be gone.