Facebook Code Leaked on Site

Although only display code revealed, experts say social networks are vulnerable.

ByABC News
January 8, 2009, 1:15 AM

Aug. 14, 2007 — -- Facebook accidentally leaked portions of its own program code, causing some security experts to call into question the security of all social networking sites.

Over the weekend, the popular site accidentally exposed some of its program code to users. The homepage display code, which was hidden again quickly according to Facebook, was posted on various blogs.

Despite the mistake, the leaked code didn't release any user information, according to the company.

"A small fraction of the code that displays Facebook Web pages was exposed to a small number of users due to a single misconfigured Web server that was fixed immediately. It was not a security breach and did not compromise user data in any way," a Facebook spokesperson said in an e-mailed statement to ABCNews.com. "Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further."

According to several experts, the leak was an embodiment of what has always been a problem for social networking sites: security.

The leak "shows the danger of how much you can trust a social networking site," Robert Graham, CEO of Errata Security, a high-end security firm based in Atlanta, told ABCNews.com. "All the social networking sites are rife with security problems and the targets of hackers as well. There's widespread hacking at social networking sites."

Several security firms and attendees at Black Hat and DefCon, two conferences for hackers, last week in Las Vegas, presented ways that social networking sites could be hacked into.

At Black Hat, Graham demonstrated the vulnerability of the sites in public Wi-Fi hotspots, a hackers' conference in Las Vegas, earlier this month. According to Graham, hackers can easily take control of your profile at Facebook or MySpace by using a program that "steals cookies."

Over the years, MySpace has also been targeted by several worms, self-replicating programs that can multiply without detection and deliver viruses to users.