Social media giant Facebook has released a statement acknowledging that it was hacked in January, when its employees accidentally downloaded malware that compromised the site's security.
The incident occurred when some Facebook employees visited a mobile developer website that had already been hacked and was hosting an exploit, which then allowed malware to be installed on the employees' laptops.
The statement further explains: “The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day. We have found no evidence that Facebook user data was compromised.”
The statement also explains the vulnerability and how the malware worked: “After analyzing the compromised website where the attack originated, we found it was using a ‘zero-day’ (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”
Facebook says that it is in contact with law enforcement authorities, is conducting an internal investigation to make sure that no personal data was leaked, and is checking the security of existing Facebook servers.