“Constant attack from malicious apps”: Facebook purge goes wrong

An outage that affected Facebook apps and developer accounts this week, locking app developers out of their accounts, was caused by an over-zealous attempt to “purge” malicious apps, the social network has admitted.

Facebook’s Eugene Zarakhovsky admitted in a blog post that the outage was due to an attempt to find and disable malicious apps, saying, “The Facebook Platform and our users are constantly under attack from malicious apps and we have many automated systems to protect the platform and our users. Occasionally we detect an attack that requires us to augment those automated systems. Specifically, we identify a malicious pattern, find all the apps that match that pattern, and then disable those apps.”

“We started with a broad pattern that correctly matched many thousands of malicious apps but, unfortunately, also matched many of your high quality apps,” Zarakhovsky said. “When we detected this error, we immediately stopped the process and began work to restore access. The process took longer than expected because of the number of apps affected and bugs related to the restoration of app metadata.”

Developers had complained about the outage on the Hacker News forums. Facebook employees joined the discussion to reassure developers – technology news site AllThingsD points out in its report that Facebook has attempted to court third-party developers this year.

“We have systems that block spammy apps that are 99.9% of the time really incredibly sophisticated and get a ~0% false positive rate. This is a case of the 0.1%. :( Folks here are scrambling to undo this,” an employee wrote.

Zarakhovsky said, “We will create better tools to detect overly broad patterns and put in place better processes to verify that all apps matched are indeed malicious.”

One commenter on Hacker News said, “Now if only they would disable user accounts, the world would be a better place.”

Author , We Live Security

Copyright © 2017 ESET, All Rights Reserved.