The security group Inj3ct0r claims to have hacked facebook.com. The published document (dated 6th April 2010) shows step by step how they proceeded and how easy it was to exploit a SQL injection vulnerability in the app tvshowchat and other files.
They were able to retrieve the entire database structure (tables, columns and contents), including the database content of a WordPress installation (WTF) and, of course, password hashes. Furthermore, they claim to have uploaded a PHP shell and are now basically able to do almost anything on the server (limited, of course, by the permissions of the user account the shell runs under).
In addition, screenshots are included as proof.
For me, this seems to be real. I don't think this is some sort of fake, and Facebook has already changed some things: one of Inj3ct0r's team members just said that they have already closed all the vulnerabilities.
I think we will definitely hear about this in the media.
Here in Germany, Facebook is under heavy criticism since they don't stick to German data privacy laws. German politicians will try to convince Facebook to change its policies, but I don't think that Facebook will ever back down.
The latest hack is only the tip of the iceberg and will lead to long debates: how safe is our data, and how much of it can be revealed?