Jan 27, 2011 07:55 GMT  ·  By
Facebook fixed API bug that let unauthorized people post messages on fan pages

Facebook is blaming a recent security incident, in which an unauthorized post showed up on Mark Zuckerberg's official fan page, on a bug in one of its application programming interfaces (APIs).

The Facebook CEO's page was taken offline Tuesday evening after someone managed to post an update on it that criticized the company's financial strategy.

"If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way?

"Why not transform Facebook into a ‘social business’ the way Nobel Prize winner Muhammad Yunus described it?" part of the rogue message read.

There was a lot of speculation about how the compromise occurred, with suggested explanations ranging from phishing and brute-force password attacks to malware infection.

However, Facebook spokespersons told CNET that the culprit was a bug in a remote publishing API, and that the flaw allowed the attackers to publish posts but did not give them access to the affected accounts or their information.

"It's astonishing the level of speculation without accurate information," commented Joe Sullivan, Facebook's chief security officer.

"There was the (false) assumption that there was unauthorized access to information... Our commitment is to try and prevent that and respond incredibly quickly when something happens," he stressed.

The same bug was apparently exploited to make unauthorized posts on several other high-profile pages in addition to Mark Zuckerberg's, but the company declined to name them.

One of the affected pages might have been that of French President Nicolas Sarkozy. On Sunday, someone posted a fake announcement on his fan page claiming that he won't seek re-election after his current term is over.

Mr. Sarkozy later issued an update warning people of the compromise and dispelling the rumors. Facebook declined to confirm if his account was attacked through the same API bug.