Facebook And Others Targeted By ‘Sophisticated’ Attack – Chinese To Blame Maybe?

The world’s biggest social networking site, Facebook, was hacked last month in what has been described as a ‘sophisticated attack’. Fortunately, however, it appears that no user data has been compromised.

The attack came about in January after some of its developers visited a mobile developer’s website that had already been compromised by a Java exploit.

“Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure.”
Facebook

facebook

Facebook laptops, that were fully patched, then became infected with malware via the Java zero day which was not patched by Oracle until February the 1st.

“As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.”

The Facebook security team realised that they had been hacked when a suspicious domain in their DNS logs was flagged. Their investigations tracked that back to an employee laptop which contained a malicious file and a company-wide search then led to the discovery that other machines had also been compromised.

According to Facebook they were not the only target of this attack –

“Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected.”

Whilst the timing of this attack ties in with other high profile cases against media sites, such as The New York Times, their is no word on who was responsible at this time, though I’m sure Chinese hackers have not been ruled out.

Facebook ended their statement with a reminder about their bug bounty program for anyone who submits details of security vulnerabilities that attack their services.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Trackbacks

  1. […] China – leave off Facebook and The New York Times or else you’re gonna get […]

  2. […] see, its not just the likes of Facebook and The New York Times who think that Chinese hackers have been up to no good – some Germans […]

  3. […] The iPhone manufacturer said the breach occurred after some company employees visited a developer website which then exploited a vulnerability in the Java browser plugin and subsequently installed malware onto their Macs. This sounds remarkably similar to what happened with Facebook in January. […]

Speak Your Mind

*