<Update>:
Ok so it would seem that Facebook were fixing a technical issue regarding proxies, and nothing to do with security, according to the Scobleizer blog (which has some sort of access to Facebook’s PR team). Facebook is now alive again, and sporting some new hash values in the URLs - presumably unique to prevent proxy issues again…
I’ve seen a lot of links mention my employer in association with this post. I’d just like to reiterate that although I am employed by IBM, this is a personal, non-work related blog.
The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions.
For more details about this and the IBM blogging guidelines, please read the About page.
</Update>
Earlier on today I was getting some trouble connecting to Facebook’s login page - after trying to log in the connection just kept timing out instead of taking me to my home page like it usually does. Its pretty unusual for Facebook as its usually pretty reliable. But, these things do happen from time to time so I thought nothing of it.
A couple of hours later I came back to my computer after finishing up some work elsewhere and tried logging in again (I’m not addicted - I can stop any time I want…!). To my surprise my login details - usually stored and prefilled by Firefox - had gone and were replaced by an unfamiliar email address. I was certain that I had locked my computer before I left it (good habit to get into…), but it wasn’t beyond the realms of reality that I had forgotten and someone took the chance to log into Facebook. Unlikely - but certainly not impossible.
So I cleared the cookie and went back to Facebook again to log in. But now the Facebook page was showing me a completely different email address. A quick look in the source code and sure enough the email address was hard-coded into the <input> tag’s value attribute! If I refreshed the page immediately I got my email again, but if I closed the browser and left it for a few minutes then went back - bingo! Another person’s email address had appeared! I wonder how many “live” email address got harvested today? I know I saw at least 5 or 6 and I was only looking for a few minutes…
So fast forward another couple of hours and I visit facebook again - now more out of curiosity than clinical addiction - and there is a notice up (click for larger version):
Pardon my paranoia, but is this not pretty odd? No prior warning, no adverts, no schedule, the source code has what looks like some frantically hand-coded HTML using <center> and <br> despite the XHTML doctype . Makes you wonder. What happened today Facebook?
July 31st, 2007 at 6:01 pm
i experienced the same thing as well.
i could read people’s inbox o.o and that was quite scary.
maybe they did get hacked o.O…
*NOOOOOO*
July 31st, 2007 at 6:18 pm
I’ve sent an email to Caroline McCarthy of C|Net, pointing her to your blog. She was the first media outlet to cover the downage, and so I presume she’ll be interested in your theory.
July 31st, 2007 at 6:25 pm
depending on the extent of the hack, that could be terrible
the number of addresses, phone numbers, emails…
i think any other personal information would take way too long to sift through. so the hackers probably aren’t going to ABUSE your favorite music, etc. but they definitely got your email, i guess?
what’s the worst case scenario? the best?
July 31st, 2007 at 6:26 pm
they have a new screen up now
July 31st, 2007 at 6:28 pm
bad title.
July 31st, 2007 at 6:42 pm
Looks like they linked you!!
http://news.com.com/8301-13577_3-9752567-36.html
July 31st, 2007 at 6:43 pm
It’s back up now
July 31st, 2007 at 6:50 pm
I log into Facebook first thing at work, but today I had to switch off proxy settings in IE to log in. I feared work finally caught on we were all wasting time on it and figured out how to block it, but I guess it’s more serious than that.
July 31st, 2007 at 7:17 pm
Being a developer myself, I think it’s quite evident that Facebook was hacked today. Had they been simply upgrading, from a software standpoint, this is done in an offline controlled environment where all tests can be performed prior to a full release. This is so you don’t suffer the downtime that FB saw today. From a hardware standpoint, they are adding servers to their farm on a constant basis - never a hiccup - because everything is load balanced. I’m quite positive that they were hacked.
July 31st, 2007 at 7:18 pm
I’ve also just noticed that all of their URL’s now have a new variable that was never there before:
“pwstdfy=”
I’m guessing that this is an acronym of some sort, the first two letters standing for password, but that’s just my thought. Regardless, it looks like an added security measure, most likely checking against a cookie value for verification.
And in addition, I see the Wikipedia entry has now been locked for editing after people started speculating further that FB had been hacked. Hmmmmmmmmmm.
July 31st, 2007 at 7:48 pm
it just seems weird that they are having an upgrade at a time when there is bound to be a lot of traffic….its scary now….
nimishgogri.blogspot.com
July 31st, 2007 at 7:55 pm
I work at IBM in Hursley, had the same problem with the unfamiliar email address — although this is a proxy issue (I believe most of IBM’s internet traffic goes via a proxy somewhere in Germany), not anything to do with Facebook.
July 31st, 2007 at 8:19 pm
Yep! I experienced the same thing… kinda whack!