First real stumble by Facebook

I’m a Facebook fan and strongly believe that it is destined to break all records when it is either bought or is listed. Today however, Facebook took its first real knock with users reporting that they were getting data that was not their own. The team at my office first thought it was a proxy issue, but we later discovered that the problems were widespread. Facebook is currently down with a “We’re upgrading” message on their sparse home page. I wish I was a fly on their wall. The tension must be excruciating.

Will the rumored offer of something like $5 billion be something that the owners later look at with broken hearts? Can you imagine the disappointment if similar offers fail to materialize?

Update:
Here is a link to a PDF document detailing an XSS attack on Facebook. The document, written by Adrienne Felt, has been censored by the author until the vulnerability has been fixed by Facebook. It appears that the outage today was to correct security holes as identified in the document.

Update:
Facebook is online. I’ve noticed that now after the update if you click on a profile of a member that is not one of your friends, you are redirected to the basic search screen. All profiles, even those marked as public behave in a similar manner.

Update:
Facebook PR has a group that they’ve invited some of the press and bloggers into. Here’s an official statement that was just posted to that group:

“This morning, we temporarily took down the Facebook site to fix a bug we identified earlier today. This was not the result of a security breach. Specifically, the bug caused some third party proxy servers to cache otherwise inaccessible content. The result was that an isolated group of users could see some pages that were not intended for them. The site has now been restored and we apologize for any inconvenience this may have caused.”
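The failure mode in that statement, a shared proxy storing a per-user page, is something a site can check for in its own response headers. Below is an added example (not from the original post and not Facebook's code) that applies simplified RFC 7234 shared-cache storability rules to constructed sample headers; the `LEAKY` and `FIXED` header sets are assumptions, not the headers Facebook actually served.

```python
"""Decide whether a shared (third-party) proxy cache may store a response.

Simplified RFC 7234 Section 3 storability rules, restricted to 200 responses:
 - a shared cache must not store a response carrying `private` or `no-store`;
 - a response to a request with an `Authorization` header is not stored by a
   shared cache unless `public`, `s-maxage` or `must-revalidate` is present;
 - otherwise a 200 response is storable (explicitly, or heuristically when no
   freshness information is given at all).
"""


def parse_cache_control(value: str) -> dict:
    """Parse 'private, max-age=0' into {'private': None, 'max-age': '0'}."""
    directives = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if arg else None
    return directives


def shared_cache_may_store(status: int, headers: dict, request_has_authorization: bool = False) -> bool:
    """Return True if a shared proxy is allowed to store this response."""
    if status != 200:  # other statuses have their own rules; keep to the common case
        return False
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return False
    if request_has_authorization and not ({"public", "s-maxage", "must-revalidate"} & cc.keys()):
        return False
    # Note: Set-Cookie alone does NOT stop a shared cache from storing the page.
    return True


# Constructed sample headers for an authenticated per-user page (assumed, not real).
LEAKY = {"Content-Type": "text/html", "Set-Cookie": "session=abc"}  # no Cache-Control at all
FIXED = {"Content-Type": "text/html", "Set-Cookie": "session=abc",
         "Cache-Control": "private, no-store, max-age=0"}


def audit(responses: dict) -> dict:
    """Map each named response to whether a shared cache may store it."""
    return {name: shared_cache_may_store(200, h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, storable in audit({"leaky": LEAKY, "fixed": FIXED}).items():
        print(name, "storable by shared cache" if storable else "not storable")
```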

Update:
Is Facebook still insecure?

25 Responses to “First real stumble by Facebook”

  1. Chris Hoskin Says:

    I had a similar issue with LinkedIn recently. The wrong data – with full access to everything. Scary. Fortunately I am an honest fellow.

    Surely at $5B the time is now for Facebook’s founders? There is still time to get something else created and away during the 2.0 boon.

    Chris from rawstylus.wordpress.com

  2. Nick Moreau Says:

    This whole scenario is being seconded by two people on this blog…

    http://www.mdibb.co.uk/2007/07/31/did-facebook-get-hacked-today/#comment-193

    This is very interesting.

  3. princesscinderella Says:

    I think they have been hacked!!

  4. Escargot Says:

    So……..I think I might…….die…..no……have a coffee and …….care……not much……

  5. What Happened to Facebook? | Says:

    […] Facebook today? One blogger believes that Facebook was hacked. His argument seems convincing. This blogger believes it might have been proxy issues. You can follow more of the story […]

  6. Facebook is Down! (Now people can get back to work) Says:

    […] Suggestions of hacking – https://strennery.wordpress.com/ […]

  7. webusabilityexpert Says:

    I think there are many companies that are guilty of not putting security further up their list of priorities – real shame that it has happened to Facebook.

  8. Nimish Says:

    It just seems weird that they are having an upgrade at a time when there is bound to be a lot of traffic… it’s scary now…

    nimishgogri.blogspot.com

  9. ian andrew bell » Blog Archive » The Great FaceBook Blackout: July 31, 2007 Says:

    […] have been contained in the teapot. You are now free to resume normal time-wasting. 1:12PM: As another blogger reports, this was really the first big stumble by FaceBook. Some are theorizing that it was a proxying […]

  10. Facebook Not Hacked, But Bug Let You Read Other’s Mails Says:

    […] was fixed – certainly the right thing to do. Other allege that Facebook took the site down to fix a security hole that would enable a XSS attack, although that seems unlikely in light of the mail […]

  11. proxieslist.net Says:

    […] was fixed – certainly the right thing to do. Other allege that Facebook took the site down to fix a security hole that would enable a XSS attack, although that seems unlikely in light of the mail […]

  12. alagaesian Says:

    Had the same problem in Facebook… what’s the possibility of it being hacked due to the recent legal pursuits by a third party claiming the idea was stolen from them… (I don’t remember the details).

    What someone should come up with is an application linking all such networking sites together… I have trouble catching up on Facebook, Friendster, hi5, Bebo and Multiply… let alone maintaining a blog!

  13. alagaesian Says:

    Wait a sec… how’d you make the Facebook button with profile pic on your blog? Great if you can show me.

  14. Technology News Daily Says:

    […] fixed – certainly the right thing to do. Others allege that Facebook took the site down to fix a security hole that would enable a XSS attack, although that seems unlikely in light of the mail […]

  15. Top Posts « WordPress.com Says:

    […] First real stumble by Facebook I’m a Facebook fan and strongly believe that it is destined to break all records when it is either bought or is […] […]

  16. Guest1234 Says:

    “I’ve noticed that now after the update if you click on a profile of a member that is not one of your friends, you are redirected to the basic search screen. All profiles, even those marked as public behave in a similar manner.”

    How is this different from before?

  17. Shaun Trennery Says:

    Hi Guest1234

    As I recall, when you clicked on the profile of a member that was not one of your friends, it would display the member’s profile page. When the profile was marked as private, the member’s name would not be clickable.

    Since yesterday’s update, all profiles are clickable, but you are now redirected to the search page even if the profile is marked as public.

    I notice now, though, that the behavior I noticed last night has been corrected.

  18. Shaun Trennery Says:

    Here is a link to details on how to add a profile badge to your blog:
    http://facebook.co.za/2007/07/16/create-a-facebook-profile-badge-for-your-blog/

  19. The Facebook xss Attack! - Facebook Rocks Says:

    […] to get my mind around what has been causing all this nonsense. I finally stumbled across a good site, which had some more information on this […]

  20. Technology News Daily Says:

    […] was fixed – certainly the right thing to do. Other allege that Facebook took the site down to fix a security hole that would enable a XSS attack, although that seems unlikely in light of the mail […]

  21. Facebook Not Hacked, But Bug Let You Read Other’s Mails | Tekjuice.com Says:

    […] was fixed – certainly the right thing to do. Other allege that Facebook took the site down to fix a security hole that would enable a XSS attack, although that seems unlikely in light of the mail […]

  23. Adrienne Felt Says:

    Hi, I’m the author of that white paper you link to. Thanks for the link! However — my work ended up being unrelated to the problem. They actually have not fixed either the XSS hole or the underlying design problems that make the Facebook site insecure. It was temporarily sorta-fixed for two days but the sorta-fix has been taken down; it was just a side-effect of their proxy bug fixing.

  24. Facebook Still Insecure? « These are the days Says:

    […] Still Insecure? On the 31st of July I posted my thoughts on the problems Facebook were having during the course of the day. According to Facebook, the […]

  25. Facebook: Strike Two « These are the days Says:

    […] Strike Two After the reported problems on the 31st July, Facebook has taken another knock with someone posting the PHP source […]
