Security

Facebook hacker finds another intruder beat him to the punch

A security researcher on a bug hunt hacked his way into Facebook's corporate network only to find that someone else had already been there.

42-69864633.jpg

The researcher who discovered the flaw earned a prize through Facebook's bug bounty program.

Oleksiy Maksymenko/All Canada Photos/Corbis

A security researcher looking for flaws in Facebook's internal network has found traces of at least one other intruder who got into the system first.

The hacker, or hackers, had access to Facebook's internal system for several months and got access to hundreds of employee usernames and passwords, researcher Orange Tsai of Taiwan said in a blog post last week. After Tsai had hacked his way into the vulnerable server, he found scripts setup by another hacker or hackers designed to scoop up login details of employees.

Facebook awarded Tsai $10,000 for discovering and reporting the flaw back in February and asked him to hold off publishing details of the hack until it could be patched.

Posting on Hacker News, someone claiming to be from the Facebook Security team said the company was "really glad" the flaw had been reported but added that the intruder turned out to be another bug bounty hunter.

Facebook did not immediately respond to a request for comment.