The social networking site was hacked by a researcher who had identified a flaw in MobileIron’s Mobile Device Management (MDM) used by an employee. In this case, the vulnerability was not entirely Facebook’s fault, as the weakness in a third-party service created a ripple effect which negatively impacted users’ security. However, this highlights how important it is for companies to monitor not only their own security but also the security of partnered vendors.
In their post, the researcher from DEVCORE identified 3 vulnerabilities that allowed hackers access:
- Arbitrary file reading
- Remote Code Execution (RCE)
- Remotely bypassing the authentication measures in place