Facebook has just announced that last month it was targeted by a “sophisticated attack” in which some of its employees let malware onto their systems after visiting a compromised site.
Not to fear, though. Facebook says that they have found no evidence that any of your information was ever compromised.
“Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day,” says Facebook on its Security page.
Facebook identified the problem as a zero-day Java exploit.
“After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”
Apparently, the hack is still being investigated, but they reiterate (multiple times) that no user data was accessed.
“Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure,” says the company.