Facebook reported yesterday that they have been a target of a sophisticated hacking attempt which resulted in malicious code being installed on company machines.
“Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops,” said the company in their official blog. “The laptops were fully-patched and running up-to-date anti-virus software,” they added.
The company says that the perpetrators used a zero-day exploit, meaning one that targets a previously unknown vulnerability, in Java software to gain access to the computers. Once the company learned of the breach, they took corrective measures and informed both the authorities and Oracle about the exploit. “As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day,” they said.
While the company’s computers may have been compromised, Facebook says that no user accounts have been taken. The company believes that they are not alone in this particular situation, as dozens of other high-profile sites were attacked over the previous days. “Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.”