4 of 15Image
In February this year, the world's largest social network suffered a sophisticated attack caused by a zero day vulnerability.
Facebook said there was "no evidence" that user data was compromised by the cyberattack, which was caused when a number of the social network's employees visited a mobile developer website infected with malicious code. Malware was then installed on these employee's laptops, and the Java-based zero day exploit was able to bypass security systems that keep applets away from system files. As a result, hackers may have been able to access the internal Facebook corporate network.
Law enforcement was notified and the hack investigation is ongoing.
However, this wasn't the end for Facebook's year of being a cyberattack target. Facebook said in a blog post on June 21 that as part of its White Hat scheme -- which rewards notices of system vulnerabilities -- a bug that may have allowed some of a person's contact information (email or phone number) to be accessed by people who either had some contact information about that person or some connection to them. Approximately 6 million Facebook users had email addresses or telephone numbers shared without their consent before the bug was fixed.
In February, Apple experienced a breach on its corporate servers after employee computers were hit with malware, funnelled through a vulnerability in the Java Web plug-in. This attack took place only a week after Facebook was hit with a similar attack.
On February 19, the iPhone and iPad maker announced the company was working with law enforcement agencies to investigate the security breach, but there was "no evidence that any data left Apple." The tech giant said in a statement:
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network."
A Java malware removal tool was released the same day to prevent Mac users from being hit with the same cyberattack, and Oracle subsequently patched the exploit.
Image credit: Apple
Yet another attack in February took place, this time against popular microblogging platform Twitter.
In a blog post, Twitter said "unusual access patterns" allowed the company to discover attacks on Twitter data. The subsequent investigation found that the usernames, email addresses, session tokens and encrypted versions of passwords for 250,000 users were potentially placed at risk.
The firm said that the cyberattack "was not the work of amateurs," and was unlikely to be an isolated scenario.
As a result, Twitter reset passwords for these accounts, notifying those impacted via email. In addition, the social network suggested that Java be disabled on user browsers.
Following the breach, Twitter rolled out support for two-factor authentication to bolster security.