Zero-day Java exploit targets Facebook employees

A woman works at her computer, which displays Facebook logos on the screen, in Bordeaux, Southwestern France, January 30, 2013. Credit: Reuters/Regis Duvignau

Updated: Malicious files found on employee laptops.

Facebook has revealed it was the target of a series of attacks by an unidentified hacker group, but that it had found no evidence that user data was compromised.

"Last month, Facebook security discovered that our systems had been targeted in a sophisticated attack," the company said in a blog post published on Friday afternoon.

"The attack occurred when a handful of employees visited a mobile developer website that was compromised."

ArsTechnica reported that the hackers exploited a zero-day Java flaw to install malware on the employees' machines.

The social network, which says it has more than one billion active users worldwide, also said: "Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well."

The ArsTechnica report stated that Facebook had notified other companies of the potential attack after discovering signs of their traffic during its attack remediation work.

Facebook's announcement follows recent cyber attacks on other prominent websites. Twitter, the microblogging social network, said earlier this month that it had been hacked, and that approximately 250,000 user accounts were potentially compromised, with attackers gaining access to information including user names and email addresses.

Newspaper websites, including those of The New York Times, The Washington Post and The Wall Street Journal, have said they have also been infiltrated. Those attacks were attributed by the news organisations to Chinese hackers targeting their coverage of China.

While Facebook said that no user data was compromised, the incident could raise consumer concerns about privacy and the vulnerability of personal information stored within the social network.

Facebook has experienced several privacy missteps over the years for the way it handles user data, and settled a privacy investigation with federal regulators in 2011.

Facebook said it spotted a suspicious file and traced it back to an employee's laptop. After conducting a forensic examination of the laptop, Facebook said it identified a malicious file, then searched company-wide and identified "several other compromised employee laptops."

The company also said it identified a previously unseen exploit to bypass its built-in cyberdefenses, and that new protections were added on February 1. (Reporting by Tim Reid; editing by Gary Hill, G Crosse)
