Saturday, 16 February 2013
The Facebook security teams has confirmed that the social networking site was targeted in a "sophisticated attack" last month.
The digital intrusion apparently occurred when a small number of Facebook personnel visited a compromised mobile developer website.
"The site hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines," a Facebook rep explained.
"After analyzing the compromised website where the attack originated, we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability."
Interestingly, Facebook says it wasn't not alone in the above-mentioned attack, as other sites were infiltrated as well.
However, the rep was also quick to point out that the social networking site had found "no evidence" of compromised user data.
"As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," the rep added.