Hackers Can Easily Access Facebook Source Code, Say Experts

Surprisingly, Facebook source code, a set of program instructions used by Facebook engineers, is easily accessible over the Internet. Although the complex code doesn’t make sense to the average person, a hacker who stumbles on such sensitive data could work to subvert the internal working of Facebook.

Negligence by Facebook engineers could risk the safety of users on the online publishing site, if circulating tech reports are anything to go by. Apparently, some tech guys were able to access Facebook’s source code, a set of program instructions that can be executed directly to modify the internal working of Facebook.

It started in 2013 when Nathan Malcolm, a tech researcher, landed on something more than he expected during his daily work of fixing bugs. “I ended up finding out a lot more about Facebook’s internals than I intended,” says Malcolm in a blog post.

Malcolm says all he did was Google an error message in Phabricator, a software development tool, but, luckily or unluckily, he ended up with a Pastebin link that led to Facebook’s source code. “As you’d expect I came across source code and references, but one specific link stood out. It was a Pastebin link.”

The complex code may not mean much to an average person, but Malcolm says it could pose considerable risk if obtained by a sophisticated malicious hacker. For example, Malcolm was able to learn a few things about the internal working of Facebook just by going through the source code.

“The person who, likely, posted this (source code on Pastebin) was “emir”. This may be the person’s first name, or it could be their first initial and then their surname (E. Mir). It’s clear this output was intended to be seen by another engineer at Facebook, so posting it on Pastebin probably wasn’t the smartest move. This person may have made other slip-ups which could make them a target if an attacker sees an opportunity,” notes Malcolm.

Some tech commentators on the Hacker News discussion forum were surprised that Facebook engineers were using Pastebin, a public web application, to share important source code that could give hackers a lead into Facebook’s system. “I would assume that they’d have an internal wiki, or gist-like app” for sharing source code, says one tech commentator on Hacker News. “While some leaks may not even be effective outside Facebook’s internal network, having actual code that may be in production does pose a risk,” he added.

In a nutshell, the source code on Pastebin does not pose an immediate threat to Facebook users, considering that Facebook servers are highly fortified, but it raises concerns as to why Facebook engineers pasted such important credentials in an open application. “If you do not want someone to find it – do not publish it online,” concludes another commentator.



Ali Qamar

Ali is an Internet security research enthusiast who enjoys "deep" research to dig out modern discoveries in the security industry. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always tries to give only the best.