Update: Facebook confirmed that a small percentage of users in Western Europe were unable to access the site after it experienced complications with a traffic optimization test. The total downtime for these people was less than an hour, a company spokesperson said.
[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":553301,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,social,","session":"C"}']Original story: Thursday, Facebook experienced technical difficulties in parts of Europe, including Italy, Spain, Romania, and France, according to a number of tweets and reports that surfaced earlier in the day.
A member of the hacker collective Anonymous claimed responsibility for Thursday’s Facebook issues, but the social network denies an attack took place.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
“There has not been a hack of Facebook; we have investigated these claims and they are not valid,” a Facebook spokesperson said.
Proclaimed Anonymous security leader, Anonymous Own3r (@AnonymousOwn3r), posted on Twitter that he or she had discovered a number of vulnerabilities in the social network. The person said a “cross-site request forgery” attack was used to bring down Facebook.
Facebook many vulnerabilities found by @AnonymousOwn3r http://t.co/NzYTIltm
— Anonymous Own3r (@AnonymousOwn3r) October 11, 2012
@AssassinOF I'm attacking many of facebook servers facebook italy, facebook romania etc
— Anonymous Own3r (@AnonymousOwn3r) October 11, 2012
“Cross-site Request Forgery (CSRF) is a type of attack whereby unauthorized commands are transmitted from a user that the application trusts. Unlike Cross-site Scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser,” reads a note posted to Pastebin by the Anonymous member.
Facebook denies any such vulnerabilities. The spokesperson said:
[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":553301,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,social,","session":"C"}']
The evidence cited was produced by an automated vulnerability scanner that alerts developers of potential vulnerabilities, and we have found these all to be false alerts.
We expect Anonymous just like we expect any other attack on any other day. Due to our size, we face the same threats as seen everywhere else on the web, but we have developed partnerships, backend systems, and protocols to confront the full range of security challenges we face. Facebook has always been committed to protecting our users’ information, and we will continue to innovate and work tirelessly to defend this data.
Anonymous Own3r is the same hacker who took responsibility for the GoDaddy outage in mid September, though the web services provider said at the time that its massive downtime was not caused by external influences.
This story is developing. Refresh for updates.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More