![Facebook App Facebook App](https://api.time.com/wp-content/uploads/2016/04/facebook-hack-cyber-security-technology-social-media.jpg?quality=85&w=2400)
A security researcher who managed to hack through the security of one of Facebook’s corporate networks said he found evidence of another hacker having been there too, and having installed a backdoor to steal employees’ credentials.
Penetration tester Orange Tsai, of Taiwanese cybersecurity firm Devcore, said the other hacker had set up a tool to collect and exfiltrate Facebook employees’ usernames and passwords as they logged in.
He himself got in by exploiting vulnerabilities in third-party software, from a company called Accellion, that is used for file transfers.
Tsai reported the vulnerabilities and his findings to Facebook, and got paid $10,000 under the company’s “Bug Bounty” scheme.
On Hacker News, a member of Facebook’s security team thanked Tsai and claimed the other hacker in question was also a well-meaning individual trying to collect money under Facebook’s bug-hunting program.
“Neither of them were able to compromise other parts of our infrastructure so, the way we see it, it’s a double win: two competent researchers assessed the system, one of them reported what he found to us and got a good bounty, none of them were able to escalate access,” Reginaldo Silva wrote.
Silva also said that, because it had been using third-party software that it could not control, it had run the software “isolated from the systems that host the data people share on Facebook.”
“We do this precisely to have better security,” he noted.
Facebook had not responded to a request for comment at the time of writing.
This article originally appeared on Fortune.com
More Must-Reads from TIME
- Eyewitness Accounts From the Trump Rally Shooting
- Politicians Condemn Trump Rally Shooting: ‘No Place for Political Violence in Our Democracy’
- From 2022: How the Threat of Political Violence Is Transforming America
- ‘We’re Living in a Nightmare:’ Inside the Health Crisis of a Texas Bitcoin Town
- Remembering Shannen Doherty , the Quintessential Gen X Girl
- How Often Do You Really Need to Wash Your Sheets?
- Welcome to the Noah Lyles Olympics
- Get Our Paris Olympics Newsletter in Your Inbox
Contact us at letters@time.com