Facebook Hacked, User Data Not Compromised

By Chloe Albanesius
February 15, 2013 05:34pm EST
Comments

Facebook is the latest company to reveal that it was the victim of hackers, but the company said users' personal information was not compromised by the breach.

In a Friday blog post, the social network said its security team last month discovered that Facebook's systems were "targeted in a sophisticated attack."

"This attack occurred when a handful of employees visited a mobile developer website that was compromised," Facebook said.

The website in question was hosting an exploit that installed malware on the computer of anyone who visited it. Facebook said the infected laptops were running updated versions of anti-virus software, and "as soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."

Ultimately, Facebook has found no evidence that any Facebook user data was compromised by the malware.

The bug was uncovered when the Facebook Security team flagged a suspicious domain in its corporate DNS logs and tracked it back to an employee computer. An examination of the laptop revealed the malicious file, prompting a wider search - and the discovery of more malware.

The file in question used a zero-day exploit that bypassed the Java sandbox to install the malware. "We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability," Facebook said.

Facebook said other, unnamed companies were also hit by this attack. "We immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected," the firm said. "We plan to continue collaborating on this incident through an informal working group and other means."

Facebook did not name which other companies were hit, but earlier this month, Twitter said that it detected "unusual access patterns" on its network, which indicated that attackers might have accessed the user data of approximately 250,000 users.

The announcement comes the same week that members of Congress re-introduced the controversial CISPA information-sharing bill. The legislation would allow the government and private companies to share information about cyber attacks. Supporters claim it's the best way to stop attacks from countries like Iran and China, but detractors are concerned that the immunity provided to companies for sharing information will prompt them to hand over user data without a second thought.

When CISPA was first introduced last year, Facebook issued its support for the bill. "One challenge we and other companies have had is in our ability to share information with each other about cyber attacks. When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack," Joel Kaplan, vice president of U.S. public policy at Facebook, said at the time. "Similarly, if the government learns of an intrusion or other attack, the more it can share about that attack with private companies (and the faster it can share the information), the better the protection for users and our systems."

For more, see Obama's Cybersecurity Executive Order vs. CISPA: Which Approach Is Best?

Meanwhile, Facebook and Twitter are not the only ones to fall prey to hackers lately; other victims include Jawbone, a Montana TV station, the Gmail accounts of journalists covering Myanmar, the Bush family, the Federal Reserve, and the Department of Energy.

For more from Chloe, follow her on Twitter @ChloeAlbanesius.