Posted August 13, 2007 10:07 am by with 2 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

Due to what appears to be a technical glitch, Facebook published its source code for the world to see and Facebook Secrets was quick to publish it.

Don’t worry if you’ve never heard of Facebook Secrets, the site was created on a free Blogspot blog and has just one post–the one showing Facebook’s source code.

This is extremely embarrassing for Facebook for a number of reasons:

  1. Questions are now being raised as to what else might accidentally get published–maybe you’ll see your private data some day.
  2. Competitors now have a chance to see what’s under Facebook’s hood and maybe learn something.
  3. Hackers might be able to find a weakness in the code and exploit it.
  4. Some developers are suggesting the structure of Facebook isn’t particularly sophisticated.

Facebook has responded and TechCrunch received this statement from them:

?A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way. Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further.?

So what caused the glitch? TechCrunch suggests…

It seems that the cause was apache and mod_php sending back un-interpreted source code as opposed to output, due to either a server misconfiguration or high load (this is a known issue). It is also apparent that other pages have been revealed, and that this problem has occurred before, but only now has somebody actually posted the code online.

Still, the question remains, who’s entitled to damages here? If this source code is part of the code that ConnectU claims Facebook stole from them, would the amount of any damages awarded increase due to this breach?

  • It’ll be interesting to see this pan out. The security flaw issue could be a real one – it seems some people are already finding potential weaknesses.

  • Maybe it was simply caused by a disgruntled employee.