Facebook hacked, says there's no evidence of user data breach
16th Feb 2013 | 01:04
Zero-day Java exploit
Facebook recently discovered some of its employees' laptops were hacked, though it doesn't look like any serious harm was done.
The social network posted the news on its blog today, saying the firm didn't find any evidence that user data was compromised. Good news for its 800 million-plus active users.
"Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack," the blog post state quite simply.
While it acknowledged the hack, Facebook didn't share what, if anything, the perpetrators gained access to.
Zero Dark Java
Facebook identified the "zero-day Java exploit" as the method of attack. It said a handful of employees visited a compromised mobile developer website that installed malware on their laptops.
The hackers took advantage of a weakness in Oracle's Java software enabled on web browsers, even though Facebook said its anti-virus software was up to date. The company noted it was a previously undiscovered exploit.
The social network said Facebook Security flagged a suspicious domain in its DNS logs and tracked it back to an employee's laptop. After the malware was discovered, the security team conducted a company-wide search and fixed the remaining infected machines.
Though it seems like Facebook has the security breach under control, it doesn't look like this is an isolated incident.
"Facebook was not alone in this attack," the same blog post read. "It is clear that others were attacked and infiltrated recently as well."
In the beginning of February, Twitter was also comprised by hackers, affecting 250,000 user accounts. Before that, the New York Times and the Wall Street Journal were targeted by large-scale attacks.
Facebook didn't mention any connection to the Twitter or the newspaper attacks in its post.
However, Twitter's Director of Information Security, Bob Lord, advised that people should turn off Java on their browsers when its attack was made public.
He also noted that Apple and Mozilla have turned off Java in each company's browsers after many security questions had been raised about Oracle's software.
Though there has been no official mention of any link, Java is the common concern. That might mean the attacks could be coming from the same group or individual, or just that different malicious entities are using the same exploits.
Whatever the case, turning off Java on your browser is increasingly looking like the smart move to make.