Facebook Inc said on Friday it had been targeted by an unidentified hacker group but had no evidence any user data had been compromised.
The social networking giant has more than one billion active users worldwide and Facebook is not the only site in this attack. It is clear that others were attacked and infiltrated recently as well, said Facebook.
The attack came two weeks after Twitter was hacked and asked its users to reset their passwords. In the same week, The New York Times and The Wall Street Journal also reported that their computers too were hacked.
"Facebook Security discovered that systems had been targeted in a sophisticated attack last month. The attack occurred when a handful of employees visited a mobile developer website that was compromised," Facebook said in a blog post posted on Friday afternoon.
"The compromised website hosted an exploit which then allowed malware to be installed on employees' laptops. It also said the laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," the company writes in a bog post.
Facebook had no evidence that any users' data was compromised and had no idea where the attack originated or who may have conducted it.
"After analyzing the compromised website where the attack originated, we found it was using a "zero-day" (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware," Facebook said. "We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability."
Facebook Security team had detected threats and monitored infrastructure for attacks at all times. In this particular instance, it flagged a suspicious domain in corporate DNS logs and was tracked in an employee's laptop. After conducting forensic examination of that laptop, they identified a malicious file.
To report problems or to leave feedback about this article, e-mail:
To contact the editor, e-mail: