Facebook confirms hit by cyber attack, no evidence user data compromised

16 Feb 2013

Social networking giant Facebook has confirmed that it has been the victim of an attack by hackers. It says several of its engineers’ computers were hacked using a zero-day Java attack, but has ruled out the likelihood that any of its 1bn users’ data has been compromised.

The attack occurred when a number of employees visited a compromised mobile developer website, and malware was installed on their laptops.

Facebook said that there is no evidence to suggest user data was compromised.

It is working with its security partners and law enforcement agencies to uncover the origins of the attack.

“Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack,” the social network said last night.

“This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.

“As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future.

“Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.

“After analysing the compromised website where the attack originated, we found it was using a ‘zero-day’ (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.

“Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently, as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means,” the social network said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
