If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(The Funny Pics Page)   Major facebook exploit. Worst case: the secuirty of 304 million people is now in the hands of blackhats. Best case: the security of 2.4 million people is at risk. FBI and facebook notified, need help getting word out   (thefunnypicspage.com) divider line 124
    More: Scary, worst case  
•       •       •

9429 clicks; posted to Geek » on 24 Mar 2013 at 10:28 AM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



124 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread

First | « | 1 | 2 | 3 | » | Last | Show all
 
2013-03-24 07:34:18 AM
Most likely case: oops, one of our employees used a compromised machine to update the Facebook page
 
2013-03-24 07:35:47 AM
But since privacy is such an antiquated concept this really isn't news at all.
 
2013-03-24 07:55:32 AM
That does it: I've pulled all my Top Secret stuff from Facebook. You'll have to go to ICanHasCheezBurger to see it now.
 
2013-03-24 10:24:21 AM
please post this all over Facebook.com/funnypics

on march 21st at 6:01PM PST an anauthorized user gained access to our facebook page using an unknown attack vector. We have visited Facebook and informed the FBI and, now we need your help in letting everyone know that the facebook page is now compromised.

Facebook provided to us the IP address of the machine that was used to hijack the facebook page. Reasearching this IP address, it was found to be a severly compromised machine hosted in a datacenter in San Jose, California.

Everyone is doing everyhting they can in order to sort this out. We now need your help to let everyone know that these people have access to any personal information you may have shared on your facebook pages.

It is our belief that the unauthorized user is planning to use this page to drop a virus on you guys, because they know you trust our links.

DO NOT CLICK ON ANY LINKS THAT FACEBOOK.COM/FUNNYPICS HAS POSTED IN THE PAST 48 HOURS

I will provide more information as it comes in.

Thank you all, we love you

-The Funny Pics Staff


This has got to be the best pants-wetting alert over a minor insignificant site-pwnage ever. Holy crap, FUNNYPICS has been cracked? And let someone steal their usernames and passwords?

holy crap buckets we're doomed.

And, yes, if you use the same credential/password to get into funnypics as you do for online banking, you should be doomed anyway.
 
2013-03-24 10:27:03 AM

Generation_D: And, yes, if you use the same credential/password to get into funnypics as you do for online banking, you should be doomed anyway.


I'm not even clear if that's what they're saying. It sounds like they're saying THEIR page was compromised, and the concern is someone would post a link to a virus on their page..? They never mention if the "compromised machine" is their machine or just a random one.
 
2013-03-24 10:34:44 AM

itsdan: Generation_D: And, yes, if you use the same credential/password to get into funnypics as you do for online banking, you should be doomed anyway.

I'm not even clear if that's what they're saying. It sounds like they're saying THEIR page was compromised, and the concern is someone would post a link to a virus on their page..? They never mention if the "compromised machine" is their machine or just a random one.


They seem convinced their own site leaked passwords. Funnypics passwords are known to fetch top dollar on the international underweb. I expect a full report by Brian Krebs later today.
 
2013-03-24 10:35:42 AM
First they came for Funny Pics, and I did nothing, for I prefer Meme Center.
 
2013-03-24 10:38:06 AM
Wow, thanks for greening this, mod. I really love it when widely-viewed websites like Fark help spread super-hyped bullshiat about relatively minor security events. Makes my job so much more fun when people who don't know any better start calling and emailing me because they think every little oddity they notice on their computer is related to that FACEBOOK SUPER DUPER HACK they read about on the internets over the weekend.

Assholes...
 
2013-03-24 10:38:11 AM

itsdan: Generation_D: And, yes, if you use the same credential/password to get into funnypics as you do for online banking, you should be doomed anyway.

I'm not even clear if that's what they're saying. It sounds like they're saying THEIR page was compromised, and the concern is someone would post a link to a virus on their page..? They never mention if the "compromised machine" is their machine or just a random one.


Yeah, I initially though Facebook was compromised, then I read the details, and it's just one user's FB account was hacked.  Now I'm wondering why I care.
 
2013-03-24 10:38:27 AM
Worst case, 304 million, best case 2.4 million, actual case... 1 small corporation that hosts silly .gifs.

Yeah, real news flash there.
 
2013-03-24 10:40:23 AM
itsdan
I'm not even clear if that's what they're saying


Someone unauthorized logged into a Facebook page.
That someone logged into Facebook via some random hacked server.
 
2013-03-24 10:41:24 AM
Blackhats? Does that refer to the Black hatted guy from xkcd who does things because he is some kind of omnipotent trickster god?
 
2013-03-24 10:42:35 AM

St_Francis_P: That does it: I've pulled all my Top Secret stuff from Facebook. You'll have to go to ICanHasCheezBurger to see it now.


This. I moved all my banking info and medical records off Facebook last week. Everyone should be as smart as me.
 
2013-03-24 10:42:52 AM

skozlaw: Wow, thanks for greening this, mod. I really love it when widely-viewed websites like Fark help spread super-hyped bullshiat about relatively minor security events. Makes my job so much more fun when people who don't know any better start calling and emailing me because they think every little oddity they notice on their computer is related to that FACEBOOK SUPER DUPER HACK they read about on the internets over the weekend.

Assholes...



www.inquisitr.com
 
2013-03-24 10:43:15 AM

Jim_Callahan: Worst case, 304 million, best case 2.4 million, actual case... 1 small corporation that hosts silly .gifs.

Yeah, real news flash there.


B-b-b-b-but every person on Facebook might view their page and get a virus!
 
2013-03-24 10:52:25 AM
Who the fark greenlit this shiat? No one gives a fark
 
2013-03-24 10:56:42 AM
One good thing about this for The Funny Page Pics, I've now actually heard of them.
 
2013-03-24 11:02:40 AM
Is this where I smugly say I don't have a FB page and feel superior to all the dweebs who do?
 
2013-03-24 11:16:06 AM
I don't know anyone who uses Facebook who also has "secuirty", so I'm guessing this isn't a big deal.
 
2013-03-24 11:19:58 AM
I've got a few friends that post their daily 'funny pic', it doesn't count as app-spam so I'd have to filter out all of their posts.  Their pics are always those mildly amusing ones you remember seeing 2-9 years ago on the internet, so really nothing of value was lost.

Now to GIS for grumpy cat...ooooh my, okay posting this instead:
img.thesun.co.uk
 
2013-03-24 11:25:15 AM

skozlaw: Wow, thanks for greening this, mod. I really love it when widely-viewed websites like Fark help spread super-hyped bullshiat about relatively minor security events. Makes my job so much more fun when people who don't know any better start calling and emailing me because they think every little oddity they notice on their computer is related to that FACEBOOK SUPER DUPER HACK they read about on the internets over the weekend.

Concurs

 
2013-03-24 11:36:01 AM
Why is the FBI getting involved in Facebook account compromising?
 
2013-03-24 11:39:07 AM
Generation_D:
This has got to be the best pants-wetting alert over a minor insignificant site-pwnage ever. Holy crap, FUNNYPICS has been cracked? And let someone steal their usernames and passwords?


What they are saying is, "someone accessed our site, we don't know how, but we think they'll do it again and put malware up, and you dumbasses who like us are exactly the people who believe in the popup that says 1,731 viruses have been found but this tool will clear them for you."

/because most people on facebook are computer 'tards
 
2013-03-24 11:45:55 AM
Oscar Wilde said, "There is no such thing as bad publicity".
 
2013-03-24 12:13:43 PM
I think all that was missing from this warning is: Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:Fw:
 
2013-03-24 12:16:33 PM

Contents Under Pressure: Oscar Wilde said, "There is no such thing as bad publicity".


The only thing worse than being hacked is not being hacked.
 
2013-03-24 12:16:44 PM
Whew!  Thought we were going to be exploited by Facebook!
 
2013-03-24 12:18:37 PM

machoprogrammer: Why is the FBI getting involved in Facebook account compromising?


Note that the retarded warning says they notified the FBI. Not that the FBI gave a rat's ass.
 
2013-03-24 12:25:39 PM

Farty McPooPants: Whew!  Thought we were going to be exploited by Facebook!


You already are, Whistler, you already are.
 
2013-03-24 12:29:40 PM
"It is our belief that the unauthorized user is planning to use this page to drop a virus on you guys, because they know you trust our links."

My wife has seen many links that were from compromised friends' computers. Dozens of friends at risk by clicking a link isn't news. Millions at risk is.

Step 1: Invent a new virus that won't be detected by AV.
Step 2: Hack into a FB account with millions of subscribers to "share" your virus with.
Step 3: Become the owner of a very large botnet overnight.
 
2013-03-24 12:43:20 PM

Lochsteppe: Contents Under Pressure: Oscar Wilde said, "There is no such thing as bad publicity".

The only thing worse than being hacked is not being hacked.


Zuckerberg: I wish I'd thought of that!
Winklevoss: You will, Mark.  You will.
 
2013-03-24 01:03:54 PM
weirdest coincidence, I had someone in Houston (at least that's where the IP mapped to) try to break into my facebook account that same night.

I've got 2 factor up, so none of my 10 friends had anything to worry about.
 
2013-03-24 01:10:17 PM
secuirty
 
2013-03-24 01:33:06 PM
Oust yourself subby!
 
2013-03-24 01:34:20 PM
a group of hackers have set up shop in a datacenter in San Jose, they used a machine in that datacenter to exploit facebook.  No email address's were compromised.


itsdan:
Generation_D: And, yes, if you use the same credential/password to get into funnypics as you do for online banking, you should be doomed anyway.

I'm not even clear if that's what they're saying. It sounds like they're saying THEIR page was compromised, and the concern is someone would post a link to a virus on their page..? They never mention if the "compromised machine" is their machine or just a random one.
 
2013-03-24 01:36:37 PM
One infected link posted by these people can infect a maximum of 304 million people.  Our users trust our brand, they WILL click any links that are posted.  I dont care about the business, I care about my users, please, just help me protect the users before they drop their payload.

it scares me that no one understand the severity of this situation.

skozlaw: Wow, thanks for greening this, mod. I really love it when widely-viewed websites like Fark help spread super-hyped bullshiat about relatively minor security events. Makes my job so much more fun when people who don't know any better start calling and emailing me because they think every little oddity they notice on their computer is related to that FACEBOOK SUPER DUPER HACK they read about on the internets over the weekend.

Assholes...

 
2013-03-24 01:39:27 PM
the FBI is currently investigating, the law is doing its part already, I am asking the internet to help in doing the one thing they are failing to do, which is let people know before something bad happens.

skozlaw:
machoprogrammer: Why is the FBI getting involved in Facebook account compromising?

Note that the retarded warning says they notified the FBI. Not that the FBI gave a rat's ass.
 
2013-03-24 01:40:49 PM

thisone: weirdest coincidence, I had someone in Houston (at least that's where the IP mapped to) try to break into my facebook account that same night.

I've got 2 factor up, so none of my 10 friends had anything to worry about.


How were you notified about this--is there a way to be informed of any failed login attempt? Or did they actually get past the "first factor" (PW) and thus you got the unknown device notification?
 
2013-03-24 01:40:57 PM

skozlaw: Wow, thanks for greening this, mod. I really love it when widely-viewed websites like Fark help spread super-hyped bullshiat about relatively minor security events. Makes my job so much more fun when people who don't know any better start calling and emailing me because they think every little oddity they notice on their computer is related to that FACEBOOK SUPER DUPER HACK they read about on the internets over the weekend.

Assholes...


I do tech support too and you need to calm the fark down.
 
2013-03-24 01:44:43 PM
Please also be aware that 304 million is absolute worst case scenario, if every single person that saw a link clicked it.  At a minimum one link will generate 1000+ pageviews a minute sustained for 30-45 minutes.  Thats thousands of infections per minute if that link has any sort of malicious nature to it.
 
2013-03-24 01:45:53 PM
It is unknown how they gained initial access to the administrative side of the page.  We were only notified by facebook after the fact.


Yankees Team Gynecologist: thisone: weirdest coincidence, I had someone in Houston (at least that's where the IP mapped to) try to break into my facebook account that same night.

I've got 2 factor up, so none of my 10 friends had anything to worry about.

How were you notified about this--is there a way to be informed of any failed login attempt? Or did they actually get past the "first factor" (PW) and thus you got the unknown device notification?

 
2013-03-24 01:46:46 PM
PLEASE FBI!!! PROTECT ALL THOSE PICTURES OF MY LUNCH!!!!
 
2013-03-24 01:48:54 PM
I was told by the police i that the datacenter has a history of problems, from credit card fraud to child pornography.  This is public record.  I do not want to release the name of the company, as the investigation is pending, but we will inform the public of everything we know as we learn more.
 
2013-03-24 01:55:37 PM

magicksid: It is unknown how they gained initial access to the administrative side of the page. We were only notified by facebook after the fact.


So FB stopped them before they could post a malicious link? Kudos to them then.
 
2013-03-24 02:03:08 PM
NO FACEBOOK AS NOT BLOCKED THIS YET AND IS ALLOWING THESE PEOPLE TO PREPARE THE PAGE DO DROP THE PAYLOAD.

THE HEADER IMAGE TELLS PEOPLE TO SET UP THEIR SUBSCRIPTIONS SO THEY ARE GUARANTEED TO SEE EVERY LINK POSTED.  THEY ARE STARTING TO GET THE USERS USED TO AN OBFUSCATED BITLY LINK THAT WE WOULD NEVER POST AS IT HIDES THE NATURE OF THE CONTENT.   IT IS VERY POSSIBLE THEIR INTENTIONS ARE TO DROP A MALICIOUS LINK VERY SOON.



MarkEC: magicksid: It is unknown how they gained initial access to the administrative side of the page. We were only notified by facebook after the fact.

So FB stopped them before they could post a malicious link? Kudos to them then.

 
2013-03-24 02:03:56 PM

magicksid: One infected link posted by these people can infect a maximum of 304 million people.  Our users trust our brand, they WILL click any links that are posted.  I dont care about the business, I care about my users, please, just help me protect the users before they drop their payload.

it scares me that no one understand the severity of this situation.

skozlaw: Wow, thanks for greening this, mod. I really love it when widely-viewed websites like Fark help spread super-hyped bullshiat about relatively minor security events. Makes my job so much more fun when people who don't know any better start calling and emailing me because they think every little oddity they notice on their computer is related to that FACEBOOK SUPER DUPER HACK they read about on the internets over the weekend.

Assholes...


I'm going in to lockdown, no more Internet for me until I know it's safe. Hell, I better turn off my fridge, this shiat is serious.
 
2013-03-24 02:09:37 PM
FTH: FBI and facebook notified, need help getting word out

If only there was some way to alert so many people, maybe some kind of social media...
 
2013-03-24 02:13:29 PM
magicksid
It is unknown how they gained initial access to the administrative side of the page.



The Voice of Doom
oops, one of our employees used a compromised machine to update the Facebook page
 
2013-03-24 02:16:10 PM

Yankees Team Gynecologist: thisone: weirdest coincidence, I had someone in Houston (at least that's where the IP mapped to) try to break into my facebook account that same night.

I've got 2 factor up, so none of my 10 friends had anything to worry about.

How were you notified about this--is there a way to be informed of any failed login attempt? Or did they actually get past the "first factor" (PW) and thus you got the unknown device notification?


personally, I think I'm still suffering from the Sony attack, they had the pword correct, yes, so they got stuck at the verification. I've no idea what password I had set for Sony (though I've got a clue now), since I rarely log into the PS3 as myself. I've had at least three attempts to change my gmail password, the most recent about 4 months ago.
 
2013-03-24 02:16:27 PM

styckx: Who the fark greenlit this shiat? No one gives a fark


"It's not news it's ____"
 
Displayed 50 of 124 comments

First | « | 1 | 2 | 3 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report