Published On: Sun, Feb 17th, 2013

Facebook Hacked by Zero-Day Java Exploit


Facebook was hacked via a zero-day Java exploit last month. The attack occurred when a handful of Facebook employees visited a mobile developer’s compromised website. Laptops used by these employees were fully-patched and running up-to-date anti-virus software. But an exploit hosted by the website somehow allowed malware to be installed on their laptops.

Facebook Security said it initially flagged a suspicious domain in its corporate DNS logs and tracked it back to an employee laptop. After digging through its hardware and files, the team identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.

Facebook said “After analyzing the compromised website where the attack originated, we found it was using a ‘zero-day’ (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware, we immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”

“We have found no evidence that Facebook user data was compromised,” Facebook Security said. “We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.”

Naturally the details on what the malware actually accomplished weren’t provided.

The news arrives two weeks after Twitter was hacked and 250,000 user accounts possibly compromised. Other recent targets have included the Wall Street Journal, the New York Times and the Washington Post. The latter three have blamed the Chinese government for their hacks whereas Twitter and Facebook have yet to point any fingers.

About the Author

LIKE US

GET A FREE MAGAZINE

* Your Email:
   First Name:
   Last Name:
 

UPCOMING IT EVENTS