Update: Facebook confirmed that a small percentage of users in Western Europe were unable to access the site after it experienced complications with a traffic optimization test. The total downtime for these people was less than an hour, a company spokesperson said.
Original story: Thursday, Facebook experienced technical difficulties in parts of Europe, including Italy, Spain, Romania, and France, according to a number of tweets and reports that surfaced earlier in the day.
A member of the hacker collective Anonymous claimed responsibility for Thursday’s Facebook issues, but the social network denies an attack took place.
“There has not been a hack of Facebook; we have investigated these claims and they are not valid,” a Facebook spokesperson said.
Proclaimed Anonymous security leader, Anonymous Own3r (@AnonymousOwn3r), posted on Twitter that he or she had discovered a number of vulnerabilities in the social network. The person said a “cross-site request forgery” attack was used to bring down Facebook.
“Cross-site Request Forgery (CSRF) is a type of attack whereby unauthorized commands are transmitted from a user that the application trusts. Unlike Cross-site Scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser,” reads a note posted to Pastebin by the Anonymous member.
Facebook denies any such vulnerabilities. The spokesperson said:
The evidence cited was produced by an automated vulnerability scanner that alerts developers of potential vulnerabilities, and we have found these all to be false alerts.
We expect Anonymous just like we expect any other attack on any other day. Due to our size, we face the same threats as seen everywhere else on the web, but we have developed partnerships, backend systems, and protocols to confront the full range of security challenges we face. Facebook has always been committed to protecting our users’ information, and we will continue to innovate and work tirelessly to defend this data.
Anonymous Own3r is the same hacker who took responsibility for the GoDaddy outage in mid September, though the web services provider said at the time that its massive downtime was not caused by external influences.
This story is developing. Refresh for updates.