AT&T users visiting Facebook were routed to China and then South Korea before reaching their destination, it has been revealed.
In what is being dubbed as an accident, AT&T's web traffic intended for Facebook was made to route through China Telecom servers and SK Broadband in South Korea before it reached the social networking giant.
According security researcher Barrett Lyon, when he ran a traceroute program to discover which network providers were being used to direct AT&T users to Facebook, he discovered that the traffic was directed via servers in China and South Korea, rather than Facebook's own network provider.
“Typically AT&T customers’ data would have routed over the AT&T network directly to Facebook’s network provider but due to a routing mistake their private data went first to ChinaNet then via ChinaNet to SK Broadband in South Korea, then to Facebook,” Lyon explained in a blog post.
“This means that anything you looked at via Facebook without encryption was exposed to anyone operating ChinaNet, which has a very suspect Modus operandi,” he added.
Meanwhile, several network security experts believe that it was more than just a mistake that the traffic was routed through China. Rodney Joffe, senior technologist at DNS (Domain Name System) registry Neustar, described the incident as 'route hijacking'.