Facebook Security has confirmed that the service was the target of a ‘sophisticated attack’ in January, but asserts that users’ personal data hasn’t been compromised. In short, the attack originated from a compromised website hosting an exploit, but was apparently caught before any real damage could be done.
Getting down to the technical details of the hack, when a few Facebook employees logged on to a mobile developer website, an exploit allowed malware to be installed on their laptops. These devices, the company says, had their anti-virus software up-to-date and were fully patched. As soon as the threat was identified and the malware discovered, law enforcement officials were brought into the picture and an investigation was launched.
The company reiterates that it has found no evidence that user data was compromised, although further investigation is ongoing and it is working with law enforcement agencies to find out more about the attack and ways to prevent such attempts in future. The incident was reported to Oracle, and a patch addressing the vulnerability was provided on February 1, 2013.
Delving further into the technicalities of the matter, the company’s security team flagged a suspicious domain and traced it back to an employee laptop. A company-wide search was then initiated, and other compromised devices were subsequently flagged. According to what has been made known so far from the social networking website’s investigation, the malware was installed using a zero-day exploit that bypassed the built-in protection of the Java sandbox.
Further, the SNS reports in an official blog post that it wasn’t the only organization targeted and infiltrated, but that it was one of the first to discover the malware. It immediately moved to share details of the attack with other entities that may have been affected and continues to collaborate with other companies through informal means.
On a related note, the SNS has been in the news over the past few months. In December it was revealed that it would test a pay-to-message feature. This came a little while after users were given a chance to vote on policy changes. Last month, however, it drew some positive attention with its new Graph Search.
So that was the long and short of the attack on Facebook last month. Not much information has been revealed on exactly what aspects of the site were targeted, and the social network says that it hasn’t found any evidence that the hack affected its users’ data, although investigative efforts continue.