Tonight someone posted the PHP source code of Facebook’s home page on a new and otherwise empty blog called Facebook Secrets. Though the blog is still live, several others who reprinted the source code have already removed it upon reportedly promptly receiving cease-and-desists.
While there is no way to confirm the authenticity of this code, Facebook’s Brandee Barker commented on Nic Cubrilovic’s coverage of the breach on TechCrunch:
Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
This obviously provides a gold mine of clues to anyone looking to exploit vulnerabilities in Facebook. Facebook PR definitely has their work cut out for them if recent outages and hiccups continue.[tags]facebook,code,leak,security,privacy[/tags]