Facebook hit by 'sophisticated attack'; Java zero-day exploit to blame
Facebook was hacked last month, the company said today, but was keen to stress that they have not found any evidence that user data was compromised.
In the note, the one-billion strong social network—the largest in the world—said that while it is "frequently targeted by those who want to disrupt or access our data and infrastructure," company employee laptops became infected after visiting a Web site containing malware.
Facebook said that it suffered at the hands of a Java zero-day exploit that was able to bypass the software's sandbox—a system that keeps whatever applet is running in a safe place away from system files.
This was reported to Oracle and has since been fixed. It is believed that Java 7 (Update 13) fixed the exploit, which was released on February 1, according to timing, but Facebook did not go into specifics.
In this case, Facebook's Security team noticed a suspicious domain in its corporate domain name (DNS) logs which was traced to an employee laptop, suggesting that hackers may have been able to access the internal Facebook corporate network. A malicious file was identified and the firm "flagged several other compromised employee laptops."
The company also noted that the Web site hosting the exploit which installed malware on the laptops despite being fully patched and running up-to-date anti-virus software. Once these machines were identified, law enforcement was contacted and "continues" to investigate the hack.
Facebook's Security team is typically "successful in preventing harm before it happens," and investigates often before anything occurs. The team has also been behind the assisted takedown of an 11 million strong botnet, giving assistance to the U.S. Department of Justice and the FBI.
Facebook published the note disclosing the security breach nearly half an hour after the markets closed. $FB closed down 0.6 percent and fell slightly further after market close.
The "sophisticated attack" that hit the social network's internal network seems to tie in at around the same time that major news and media organizations were hit by cyberattacks, which are understood to have been perpetrated by Chinese hackers or agents working on behalf of the government.
Facebook said that it was "not alone in this attack," adding:
It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.
China is no stranger to hacking. In 2010, Google pulled out of the country altogether after its networks were compromised by the Chinese government.