
Facebook Source Code Leak Raises Security Questions

Examining the leaked code reveals vulnerabilities in Facebook's applications that could be exploited, a developer said.

Facebook source code has been leaked on the Web, and that's raising some serious issues about the site's security and data privacy.

Source code from the social networking site's main index page appeared on a blog called Facebook Secrets recently and remained there Tuesday. The blog does not contain any other postings.

"A small fraction of the code that displays Facebook Web pages was exposed to a small number of users due to a single misconfigured Web server that was fixed immediately," a Facebook spokesperson said Tuesday. "It was not a security breach and did not compromise user data in any way."

Still, developer Nik Cubrilovic wrote in a TechCrunch blog posting that the leaked code could reveal vulnerabilities in Facebook's applications that could be exploited.

"From just this single page of source code, a lot can be said and extrapolated about the rest of the Facebook application and platform," he said. "At a quick glance, I know that I can see some obvious things in the code that both reveal certain hidden aspects of the platform and give a potential attacker a good head start."

He said Facebook would need to work quickly to "mitigate the risk to users," adding that hackers were already examining the code.

Public relations firm xyzPR said the leak raises other concerns about Facebook's overall security and data privacy.

"If the main source code for a site can be leaked, then it can be said that almost anything is possible," the PR firm reported through a press release on FastPitch. "Facebook has become such a success and has such a high profile that it has become a magnet for attacks against its systems."

Facebook disagreed and warned others not to publish or distribute the code.

"Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook," a Facebook spokesperson said. "The reprinting of this code violates several laws and we ask that people not distribute it further."
