Mega Facebook notes leak!

galaxyAbstractor
Are these notes users made, or notes about the user that Facebook made?
 

xav0989
This is crazy... however, I am a bit skeptical...
 

Smith6612
I'm pretty sure that these are user profile notes that they've written.
 

John Klyne
Seems the notes come from a refined group of people who don't write in English... aren't those notes public anyways?
 

DefecTalisman
Uhm, this seems like a stupid question? Why, when I go to 69.63.186.30, am I signed out of facecrook? Is this a phishing site? All the links are funny.

If you replace the IP (69.63.186.30) with "facebook", you get pretty much the same result, but I am signed in and it's in a language I understand. Different social networks maybe, but again, why do the links look so spoofed?
 

Smith6612
> Seems the notes come from a refined group of people who don't write in English... aren't those notes public anyways?

They could be, and could not be. I didn't hear anything on Facebook about this directly, but someone I believe did state that these notes were set public by the user which they have heard from Facebook. The security forum is a well-trusted resource by many Internet users, so the source of info is reliable.

> Uhm, this seems like a stupid question? Why, when I go to 69.63.186.30, am I signed out of facecrook? Is this a phishing site? All the links are funny.
>
> If you replace the IP (69.63.186.30) with "facebook", you get pretty much the same result, but I am signed in and it's in a language I understand. Different social networks maybe, but again, why do the links look so spoofed?

That's because the cookie is tied to Facebook's main domain, not the server IP. That's why you're logged off. Otherwise the server is on Facebook's own network sitting in Washington DC, so it is not a phishing instance. Facebook also has a CDN-based network, so you could be connecting to another server for your Facebook info.
 

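Added example (editor's illustration, not written by anyone in this thread): a small model of the cookie domain matching from RFC 6265 that the post above relies on, showing that a cookie scoped to a site's domain is attached to requests for its host names but never to a request for the bare server IP. The cookie name `session` and the jar contents are constructed sample data, and Path, Secure and expiry handling are left out.

```javascript
// Constructed cookie jar: one session cookie scoped to the site's main domain.
// The cookie name is a placeholder, not a real Facebook cookie.
const jar = [
  { name: 'session', domain: 'facebook.com', hostOnly: false },
];

// True when the host is an IPv4 or IPv6 literal rather than a DNS name.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === cookieDomain) return true;      // identical strings always match
  if (isIpLiteral(host)) return false;         // no suffix matching for IP addresses
  return host.endsWith('.' + cookieDomain);    // subdomain on a label boundary
}

// Names of the cookies a browser would attach to a request for `url`.
function cookiesFor(url, cookieJar) {
  const host = new URL(url).hostname;
  return cookieJar
    .filter(c => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map(c => c.name);
}

// Same server, two ways of addressing it.
console.log(cookiesFor('http://www.facebook.com/notes.php', jar)); // cookie sent
console.log(cookiesFor('http://69.63.186.30/notes.php', jar));     // nothing sent
```

The same rule is why a look-alike host such as `evilfacebook.com` never receives the cookie either: the match has to fall on a label boundary.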
adamparkzer
> Came across this today on a security forum I visit. Turns out, 16,000 user notes from Facebook were leaked onto the Internet and cached by Google as well. See for yourself what I mean.
>
> http://www.google.com/search?q=site:http://69.63.186.30/notes.php
>
> This is a pretty big leak. Webmasters, secure your stuff!

lol I find this pretty funny. People are worried about stalkers and make all their profile information private, then stuff like this happens and they freak out. I don't get why they would post something publicly or semi-publicly at all if they don't want random people reading it.

The chances of one of my 660ish Facebook friends getting hacked are pretty high, so chances are that some random old guy from a different country could be reading my profile info right now.
 

DefecTalisman
Well, this should tell you all: http://www.facecrook.com.

I still find that one funny as hell. htpp://www.facevook.com and every other surrounding letter (except "x") leads to other pages. What developer redirects a domain like that to their site?