Facebook hacker finds another intruder beat him to the punch

A security researcher on a bug hunt hacked his way into Facebook's corporate network only to find that someone else had already been there.

Katie Collins Senior European Correspondent

Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.

See full bio

Katie Collins

April 25, 2016 6:31 a.m. PT

The researcher who discovered the flaw earned a prize through Facebook's bug bounty program.
Oleksiy Maksymenko/All Canada Photos/Corbis

A security researcher looking for flaws in Facebook's internal network has found traces of at least one other intruder who got into the system first.

The hacker, or hackers, had access to Facebook's internal system for several months and got access to hundreds of employee usernames and passwords, researcher Orange Tsai of Taiwan said in a blog post last week. After Tsai had hacked his way into the vulnerable server, he found scripts setup by another hacker or hackers designed to scoop up login details of employees.

Facebook awarded Tsai $10,000 for discovering and reporting the flaw back in February and asked him to hold off publishing details of the hack until it could be patched.

Posting on Hacker News, someone claiming to be from the Facebook Security team said the company was "really glad" the flaw had been reported but added that the intruder turned out to be another bug bounty hunter.

Facebook did not immediately respond to a request for comment.