Last night I returned from Barcamp Washington, DC to see a post on Techcrunch about how the source code of Facebook has been leaked. Wow! After the posting, Nik Cubrolivik received an official response from Facebook as follows:
Facebook have sent us an official response (and Brandee Barker from Facebook has left a comment below): â€œSome of Facebookâ€™s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.â€. It seems that the cause was apache and mod_php sending back un-interpreted source code as opposed to output, due to either a server misconfiguration or high load (this is a known issue). It is also apparent that other pages have been revealed, and that this problem has occured before, but only now has somebody actually posted the code online.
Are you kdding me? Facebook is claiming that the posting of the source code posted on http://facebooksecrets.blogspot.com/ is a violation of the law and should not be redistributed or reprinted. I agree! My privacy has been officially violated. One interesting thing that I have seen in the source code is the existence of a “Monitization Box.” I’m not quite sure what this box is but it is interesting to see that. Additionally, Facebook uses a templating system. This is something that I always suggest with any development application to remove the back-end from the front-end development side of things. You can change the template on the fly without the recreation of any back-end code.
I have a feeling that the site that I have listed above will be shut down within the next 48 hours. This is a massive security breach for Facebook and one which should not have occured. There are millions of users that trust Facebook to handle their information securily and this is somethink that should not have happened. I don’t know of any “techinical issue” which would have created this but Nik Cubrilovic has posted information that shows developers how to prevent their source code from leaking.
I would have expected a company like Facebook to have already addressed this issue but apparently they are behind the curve. First step: make sure this is prevented from ever happening again. Second: take down the site with the source code. It appears as though Facebook has protected against any security breach as a result of the posted source code. I have explored the code and checked paths to confirm this. One thing is for sure: their code is tidy. The other thing? DO NOT LEAK YOUR CODE!