Facebook hacked in France to insult someone's little brother

Filed Under: Facebook, Social networks, Vulnerability

Facebook TranslateThe Facebook platform appears to be hacked on the French version of the site at Facebook.fr. When setting your language to French and choosing the option Signaler/bloquer cette personne (Report/Block this person in English) you are confronted by a rather strange option.

In English, you will see choices such as Fake profile, Inappropriate profile info and Inappropriate wall post. But on the French site, the last mentioned option now says, in what reads like schoolboy French of an English speaker: En discution instantané, Le petit frère de Dylan Zéroosiix m’a insulter. (In instant messenger the little brother of Dylan Zéroosiix insulted me.)

Image of hacked Facebook page

On initial inspection it appears to be an artifact from what you might call crowd-sourcing. Facebook pages in foreign (non-English) languages are translated by the users from those countries. If text appears to be translated incorrectly users can submit a fix or suggested change to Facebook.

If someone suggests a change that is incorrect and enough Facebook users "vote" for the change to be approved, random text on the Facebook website can be arbitrarily changed. This has happened to the Spanish and Turkish Facebook as Graham reported last year.

It is scary that Facebook believes in openness so much that they will let the users control their website without any human oversight from Facebook. Hopefully this isn't a real vulnerability in their site that could allow someone to enter in arbitrary JavaScript or HTML code that could be malicious.

Embracing the community to help make things better is a tried and true practice that clearly works well considering the success of the open source community, yet even open source communities limit who can commit code to the tree to ensure both quality and safety.

For now my advice is "Don't Panic" it is likely a prank. For those of you who have been having troubles on IM with Dylan Zéroosiix's little brother now is the time to report him!

Don't forget, if you are on Facebook you can join the Sophos Facebook page to learn all about the latest threats and security issues facing the social network.

Thank you to Naked Security reader Laury for sending us the tip, and Luc G from Sophos Canada for assisting with translation.

, ,

You might like

4 Responses to Facebook hacked in France to insult someone's little brother

  1. Wow. Just wow lol.

  2. Neil Schwartzman · 1710 days ago

    Pathetic that people are still 'supporting the cause' of a $50,000,000,000 company, by volunteering. Suckers.

  3. niik · 1709 days ago

    is it sad that the fact that "Don't Panic" was in quote marks, leading me to conclude that it was a HHG2TG reference, was my favourite part?

  4. rak · 1708 days ago

    Recently I was logged in to German portal site GMX with Google's Chrome web browser, using the German to English translation that it automatically offered me, and I noticed a curious "My YouTube" link on the nav bar. It took a sec for it to occur to me that Google was translating "GMX" as "YouTube" -- GMX appeared plenty of times on the screen, but only as text in images.

    I just checked again, and found that they now translate "GMX" as "Yahoo". Hey, they're getting closer -- at least it's another portal site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.