TechCrunch recently reported that Facebook, one of the world's largest social networks, had the source code from its main index page leaked and published on a blog called Facebook Secrets. Reports suggest two ways in which the source code made its way onto the blog. The first theory is that a Facebook developer released the code and pasted it onto the site. The other, more likely theory is that a security hole on one of the Facebook servers accidentally revealed the code.
The blog that published the code only has a single post on it, so it was created exclusively to publish this code - meaning that whoever is behind this both isn’t taking credit for the hole and doesn’t want to be associated with it. While there is no certain way to verify if the code is actually from Facebook, research suggests that the code is recent and comes directly from the Facebook homepage.
This leak is not good news for Facebook, as it raises the question of how secure a Facebook user's private data really is. If the main source code for a site can be leaked, then it can be said that almost anything is possible. Facebook has become such a success and has such a high profile that it has become a magnet for attacks against its systems. Facebook will need to take some short-term measures to mitigate the risk to users as thousands of potential attackers attempt to compromise the system.
If in fact true, the publishing of the code creates a set of problems for Facebook. First, the code can be used by others to better understand how the Facebook application works, for the purposes of finding further security holes or bugs that could be exploited. An attacker getting access to the source code often leads to further security holes being discovered.
Secondly, the source code reveals a lot about the structure of the Facebook application, and the practices that Facebook developers follow. From just this single page of source code a lot can be said and extrapolated about the rest of the Facebook application and platform. For instance, the structure doesn’t follow any object-oriented development practices, and it seems that the application is one large PHP file with a large number of custom functions living in the same namespace.