Taiwanese security vendor DEVCORE accidentally came across a backdoor script on one of Facebook’s corporate servers while finding bugs to earn a bug bounty from Facebook. Whitehat hacker spotted the PHP-based backdoor, popularly known as a, that had possibly been installed on the server by a malicious hacker. The backdoor was configured to steal Facebook employees’ login credentials. Facebook users’ accounts are not affected by this incident, but the company would have never known about the backdoor if a whitehat hacker had never spotted the backdoor script.
Source: https://thehackernews.com/2016/04/hack-facebook-account.html