default ads for article
MENLO PARK, CALIFORNIA — The social networking website Facebook on Friday revealed it was the target of a "sophisticated attack" by hackers but said no user data was compromised. It comes just weeks after Twitter also revealed it was the victim of a cyber attack.
Facebook said the attack occurred last month when several of its employees visited a developer's website that had been compromised. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops," the social media giant wrote on its security blog.
The website was using a previously unseen exploit to bypass built-in protections in Java's sandbox, allowing the malware to install itself despite the affected laptops running up-to-date anti-virus software. "As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," the company said.
Oracle, which owns the Java software, provided a patch on February 1 that addresses the vulnerability.
Facebook said its security team found no evidence that user data was compromised but said other businesses had been attacked and infiltrated as well. "We will continue to work with law enforcement and the other organizations and entities affected by this attack," the blog post said.
Earlier this month, the social networking website Twitter also revealed it was also the victim of a cyber attack that exploited a vulnerability in Java software. That attack allowed hackers to access user names, e-mail address, session tokens, and encrypted passwords for approximately 250,000 users.