A professional hacker was rewarded by Facebook for finding a security vulnerability on one of their servers that stole the usernames and passwords of staff members. A paid hacker made his way into a Facebook server only to find out that it was already hacked by another paid hacker, who had installed malware, siphoning off usernames and passwords to a remote computer. The hacker was rewarded $10,000 and his talents were appreciated by the world’s largest social network. Beta News reports: Orange Tsai managed to compromise a Linux-based staff server and found there was already a piece of malware in place syphoning off usernames and passwords. These account details were being transmitted to a remote computer, and after revealing this to Facebook, Tsia pocketed $10,000 as a reward. Facebook says that the malware was installed by a security researcher who was trying to earn themselves a bounty. Tsai, who works for Devcore in Taiwan, has provided a detailed write-up of what poking around Facebook servers revealed. Using a reverse lookup, Tsia discovered the existence of files.fb.com which was running Accellion’s Secure File Transfer service which is known to suffer from certain vulnerabilities. Using an SQL injection vulnerability, Tsai was able to execute [...]