Facebook hacked in France to insult someone’s little brother

The Facebook platform appears to be hacked on the French version of the site at Facebook.fr. When setting your language to French and choosing the option "Signaler/bloquer cette personne" ("Report/Block this person" in English), you are confronted by a rather strange option.

In English, you will see choices such as Fake profile, Inappropriate profile info and Inappropriate wall post. But on the French site, the last mentioned option now says, in what reads like schoolboy French of an English speaker: En discution instantané, Le petit frère de Dylan Zéroosiix m’a insulter. (In instant messenger the little brother of Dylan Zéroosiix insulted me.)


On initial inspection it appears to be an artifact from what you might call crowd-sourcing. Facebook pages in foreign (non-English) languages are translated by the users from those countries. If text appears to be translated incorrectly users can submit a fix or suggested change to Facebook.

If someone suggests a change that is incorrect and enough Facebook users “vote” for the change to be approved, text on the Facebook website can be arbitrarily changed. This has happened to the Spanish and Turkish Facebook, as Graham reported last year.

It is scary that Facebook believes in openness so much that they will let the users control their website without any human oversight from Facebook. Hopefully this isn’t a real vulnerability in their site that could allow someone to enter arbitrary JavaScript or HTML code that could be malicious.

Embracing the community to help make things better is a tried and true practice that clearly works well, considering the success of the open source community. Yet even open source communities limit who can commit code to the tree to ensure both quality and safety.
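To make the "limit who can commit" point concrete, here is an added example (not from the original post and not Facebook's code) of a publication gate for crowd-sourced translations: votes alone are never enough, markup is rejected, and output is HTML-escaped at render time. The `Suggestion` type, the `MIN_VOTES` threshold, the `{name}` placeholder syntax and the vote counts are all assumptions made for illustration.

```python
import html
import re
from dataclasses import dataclass

MIN_VOTES = 5                                   # hypothetical threshold
PLACEHOLDER = re.compile(r"\{[a-z_]+\}")        # assumed placeholder syntax
MARKUP = re.compile(r"[<>]|&#|javascript:", re.IGNORECASE)


@dataclass
class Suggestion:
    source: str                  # original English string
    text: str                    # user-submitted translation
    votes: int = 0
    reviewed_by_staff: bool = False


def problems(s: Suggestion) -> list[str]:
    """Reasons a suggestion must not go live; an empty list means publishable."""
    found = []
    if MARKUP.search(s.text):
        found.append("markup")                  # translations are plain text only
    if sorted(PLACEHOLDER.findall(s.source)) != sorted(PLACEHOLDER.findall(s.text)):
        found.append("placeholders")            # must keep the same variables
    if s.votes < MIN_VOTES:
        found.append("votes")
    if not s.reviewed_by_staff:
        found.append("review")                  # popularity is not approval
    return found


def render(s: Suggestion, **values: str) -> str:
    """HTML-safe output; falls back to the source string if the gate fails."""
    text = s.source if problems(s) else s.text
    # Escape the string first, then fill placeholders with escaped values.
    fill = lambda m: html.escape(values.get(m.group(0)[1:-1], m.group(0)))
    return PLACEHOLDER.sub(fill, html.escape(text))


if __name__ == "__main__":
    # The string quoted in this post, with a constructed vote count.
    prank = Suggestion("Inappropriate wall post",
                       "En discution instantané, Le petit frère de "
                       "Dylan Zéroosiix m’a insulter.", votes=50)
    print(problems(prank), "->", render(prank))
```

With a gate like this, a heavily voted prank string stays unpublished until a reviewer signs off, and the page keeps showing the original text in the meantime.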

For now my advice is “Don’t Panic”; it is likely a prank. For those of you who have been having trouble on IM with Dylan Zéroosiix’s little brother, now is the time to report him!


Thank you to Naked Security reader Laury for sending us the tip, and Luc G from Sophos Canada for assisting with translation.