mdibb.co.uk

Irregularly rambling about web development and technology

Did Facebook get hacked today?

<Update>:

Ok so it would seem that Facebook were fixing a technical issue regarding proxies, and nothing to do with security, according to the Scobleizer blog (which has some sort of access to Facebook’s PR team). Facebook is now alive again, and sporting some new hash values in the URLs - presumably unique to prevent proxy issues again…

I’ve seen a lot of links mention my employer in association with this post. I’d just like to reiterate that although I am employed by IBM, this is a personal, non-work related blog.

The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions.

For more details about this and the IBM blogging guidelines, please read the About page.

</Update>

Earlier on today I was getting some trouble connecting to Facebook’s login page - after trying to log in the connection just kept timing out instead of taking me to my home page like it usually does. It’s pretty unusual for Facebook as it’s usually pretty reliable. But, these things do happen from time to time so I thought nothing of it.

A couple of hours later I came back to my computer after finishing up some work elsewhere and tried logging in again (I’m not addicted - I can stop any time I want…!). To my surprise my login details - usually stored and prefilled by Firefox - had gone and were replaced by an unfamiliar email address. I was certain that I had locked my computer before I left it (good habit to get into…), but it wasn’t beyond the realms of reality that I had forgotten and someone took the chance to log into Facebook. Unlikely - but certainly not impossible.

So I cleared the cookie and went back to Facebook again to log in. But now the Facebook page was showing me a completely different email address. A quick look in the source code and sure enough the email address was hard-coded into the <input> tag’s value attribute! If I refreshed the page immediately I got my email again, but if I closed the browser and left it for a few minutes then went back - bingo! Another person’s email address had appeared! I wonder how many “live” email addresses got harvested today? I know I saw at least 5 or 6 and I was only looking for a few minutes…

So fast forward another couple of hours and I visit facebook again - now more out of curiosity than clinical addiction - and there is a notice up:

Facebook “Upgrading”

Pardon my paranoia, but is this not pretty odd? No prior warning, no adverts, no schedule, the source code has what looks like some frantically hand-coded HTML using <center> and <br> despite the XHTML doctype. Makes you wonder. What happened today Facebook?
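The update above attributes the incident to proxies. As an added example (not from this post or from Facebook), the sketch below assumes the cause was a shared proxy reusing a cached, personalised login page, and checks whether a response's caching headers would permit that reuse. The sample headers, the page body and all function names are constructed for illustration, and the rules are a simplification of HTTP caching (RFC 9111).

```python
import re

# Constructed samples (not captured traffic): a login page whose e-mail
# field is prefilled for the visitor, served with different caching headers.
BODY = '<input type="text" name="email" value="alice@example.com">'
SAMPLES = {
    "heuristic": {"Last-Modified": "Tue, 31 Jul 2007 09:00:00 GMT"},
    "explicit": {"Cache-Control": "max-age=300"},
    "private": {"Cache-Control": "private, max-age=300"},
    "no-store": {"Cache-Control": "no-store"},
    "vary": {"Cache-Control": "max-age=300", "Vary": "Cookie"},
}
PREFILLED_EMAIL = re.compile(r'<input[^>]*\bvalue="[^"@\s]+@[^"\s]+"', re.I)


def directives(headers):
    """Parse Cache-Control into a lower-cased {directive: value} dict."""
    out = {}
    for part in headers.get("Cache-Control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            out[name.lower()] = value.strip('"')
    return out


def shared_cache_may_reuse(headers):
    """True if a shared proxy could store this 200 response and serve it
    to a different user without asking the origin again (simplified)."""
    cc = directives(headers)
    if "no-store" in cc or "private" in cc:
        return False  # shared caches must not store it at all
    if "no-cache" in cc or cc.get("s-maxage", cc.get("max-age")) == "0":
        return False  # must be revalidated before every reuse
    vary = [v.strip().lower() for v in headers.get("Vary", "").split(",")]
    if "cookie" in vary:
        return False  # cache key includes the Cookie header
    explicit = "max-age" in cc or "s-maxage" in cc or "Expires" in headers
    heuristic = "Last-Modified" in headers  # caches may guess a lifetime
    return explicit or heuristic or "public" in cc


def audit(headers, body):
    """Flag a personalised page that a shared cache is allowed to reuse."""
    personalised = bool(PREFILLED_EMAIL.search(body))
    return personalised and shared_cache_may_reuse(headers)


def findings():
    return {name: audit(h, BODY) for name, h in SAMPLES.items()}
```

A per-request unique URL parameter, like the new hash values mentioned in the update, has a similar effect from the other direction: every request gets a different cache key, so a stored copy is never matched to another visitor's request.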

Activity

32 total comments.
  1. i experienced the same thing as well.
    i could read people’s inbox o.o and that was quite scary.
    maybe they did get hacked o.O…

    *NOOOOOO*

  2. I’ve sent an email to Caroline McCarthy of C|Net, pointing her to your blog. She was the first media outlet to cover the downage, and so I presume she’ll be interested in your theory.

  3. depending on the extent of the hack, that could be terrible

    the number of addresses, phone numbers, emails…
    i think any other personal information would take way too long to sift through. so the hackers probably aren’t going to ABUSE your favorite music, etc. but they definitely got your email, i guess?

    what’s the worst case scenario? the best?

  4. they have a new screen up now

  5. johnny
    Jul 31st 2007

    bad title.

  6. Heather
    Jul 31st 2007

    It’s back up now

  7. Dennis
    Jul 31st 2007

    I log into Facebook first thing at work, but today I had to switch off proxy settings in IE to log in. I feared work finally caught on we were all wasting time on it and figured out how to block it, but I guess it’s more serious than that.

  8. Being a developer myself, I think it’s quite evident that Facebook was hacked today. Had they been simply upgrading, from a software standpoint, this is done in an offline controlled environment where all tests can be performed prior to a full release. This is so you don’t suffer the downtime that FB saw today. From a hardware standpoint, they are adding servers to their farm on a constant basis - never a hiccup - because everything is load balanced. I’m quite positive that they were hacked.

  9. I’ve also just noticed that all of their URLs now have a new variable that was never there before:

    “pwstdfy=”

    I’m guessing that this is an acronym of some sort, the first two letters standing for password, but that’s just my thought. Regardless, it looks like an added security measure, most likely checking against a cookie value for verification.

    And in addition, I see the Wikipedia entry has now been locked for editing after people started speculating further that FB had been hacked. Hmmmmmmmmmm.

  10. it just seems weird that they are having an upgrade at a time when there is bound to be a lot of traffic….it’s scary now….

    nimishgogri.blogspot.com

  11. I work at IBM in Hursley, had the same problem with the unfamiliar email address — although this is a proxy issue (I believe most of IBM’s internet traffic goes via a proxy somewhere in Germany), not anything to do with Facebook.

  12. Yep! I experienced the same thing… kinda whack!

  13. Had the exact same thing happen, clicking the link to the status updates logged me out and someone else’s e-mail address was in the log in box - also got some weird messages from people I didn’t even know in my inbox - which are mysteriously gone now???

    Strange…

  14. Anyone else notice the unique (per request!), random pwstdfy param attached to every request now?

  15. OK mine didn’t get ‘hacked’ so to speak but whenever i try to log on it says “Hey, your account is temporarily unavailable due to site maintenance. It should be available again within a few hours. We apologize for the inconvenience.” and it keeps redirecting but that always goes to “Internet Explorer cannot display the webpage” or w/e. IM SUPER PISSED. i just got on last night (and i think this morning even) and it was okay now it’s just making me mad.

  16. Way to scoop the rest of the world on this story, man :)

  17. Sure it has been hacked, because not the next startup, but hacker is the FB killer. Hacker selling your very own personal data (not phone numbers or e-mails :-) or hacker making them publicly available for download. (Do you know who was that nice blond woman in your bed last weekend? And what about your wife?) There is the end of the nice ‘social 2.0’ world :) You should to sell Zuckerberg.

  18. jakarta_al
    Jul 31st 2007

    hi,

    Thank you for bringing this to our attention. I for one will trust the FaceBook no longer with my personal data.

  19. Peter Morris
    Jul 31st 2007

    I need facebook to live.
    Bastard hackers.

  20. lol ie.

  21. Time for a social networking substitute. May I suggest ClutterMe anyone?

  22. Makes you realise just how dependent on certain websites you become. I blogged about it here:

    http://www.u-g-h.com/index.php/2007/07/31/when-sites-go-down/

  23. I run a Social Networking site (on a very small scale - not been officially launched yet) and was worried about the possibilities of hackers getting personal data, so my system was designed to have two parts - the public facing profile, social networking bit, and a higher security bit that holds contact details, diary entries, etc. I think there could have been a severe security issue here with Facebook that could have been avoided, but I guess no on-line service that stores personal data is going to be 100% safe under all circumstances - after all, it’s easier to get someone’s login and password (just asking people in the street, telling them it’s a survey seems to do the trick!) than it is to steal a physical address book!

  24. Danaxe
    Aug 1st 2007

    hope it will be back soon…

  25. There was really no excuse for the <center;> element or the unclosed <br;> :-P

  26. hah, and i write that as i mistype the named entities….

  27. debbie
    Aug 3rd 2007

    8 of my friends have had their accounts deleted today. It’s happened to other friends of friends as well. Definitely something amiss with Facebook…

  28. Looks like this has happened again (7.9.07). I have been unable to log on since 9am, it is now 10.15pm, (I have that “site maintenance” message) and I have disappeared from facebook completely. I have vanished from friends’ lists, and can’t be found on searches. Have I been hacked? I emailed facebook 2 hours ago, and got an automated message. What is going on?

  29. it seems i am having the same problem as you described earlier. it wouldn’t surprise me if someone did hack facebook. IMHO they would probably do it for bragging rights vs info.

  30. yeah this is weird. i logged on last night before bed at about 2am and when i went on this morning like 7 or 8 hours later, it said it didn’t recognize my password. so i said i’d reset it, no big deal. didn’t recognize either of the email addresses i have associated with the account. says they’re unregistered… try emailing for some technical help and i get an automated reply saying that they got my message and that they’ll be back to me shortly. i looked and my profile’s still up, nothing’s changed and when i send my profile a message, i still get the email saying that i received a message on facebook. weird.

  31. dimitra
    Jan 26th 2008

    i’ve been hacked into facebook with a totally different profile picture, and perverse statements. not knowing who it was, i deactivated my account completely with no opt to receive anymore messages. calling in a techie, they’ve told me that i was hacked by my own ip address which clearly states that my computer has been hacked by an unknown source. or should i say by my own computer. i live alone and have no children nor spouse. the hacker who did this is a real evil genius i might add.
    thank you.

