We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

Facebook denies code leak threatens users

Source code available on Facebook Secrets

Facebook insists its users' personal data was not put at risk by a source code leak that exposed the social-networking site at the weekend.

The source code, which was posted on Saturday to a blog called Facebook Secrets, was still available on Tuesday morning on the blog.

A spokeswoman for Facebook said in a statement emailed to PC Advisor's sister title Computerworld US that "a small fraction of the code that displays Facebook web pages was exposed to a small number of users" because of a misconfigured web server that was fixed "immediately".

The incident was not a security breach "and did not compromise user data in any way," the spokeswoman said. "Because the code that was released only powers the Facebook [user interface], it offers no useful insight into the inner workings of Facebook," she added.

However, Pete Lindstrom, a senior security analyst at Burton Group, said that anytime source code is accidentally revealed, "there is potential for an increase in risk". He added that when a company dismisses the security implications of such an incident, there likely really are security issues.

"There are enough folks out there trolling the websites and pulling that code who will be perfectly happy to try to identify vulnerable areas that could be exploited," Lindstrom said. "If you're release source code to the wild, you're going to have some level of increased risk associated with it. I can't think of a case where you wouldn't."

Nik Cubrilovic, a developer and contributor to TechCrunch, which originally reported the source code leak, blogged that the code could be used by outsiders to better understand how the Facebook application works. With that knowledge, Cubrilovic said, those outsiders can find additional security holes or bugs.

"From just this single page of source code, a lot can be said and extrapolated about the rest of the Facebook application and platform," he wrote. "At a quick glance, I know that I can see some obvious things in the code that both reveal certain hidden aspects of the platform and give a potential attacker a good head start.

"[Facebook] will also need to take some very quick short-term measures to mitigate the risk to users since you can bet that right this minute there are hundreds of potential attackers pouring through the leaked code and probing their systems," he added.

See also: 20% of Facebook users are IDiots


IDG UK Sites

Motorola Moto G vs Nokia Lumia 530 comparison: What's the best budget smartphone

IDG UK Sites

Everything you need to know about Apple's iPhone Camera in iOS 8

IDG UK Sites

Why you shouldn't trust password managers

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer