Facebook confirms it suffered a "sophisticated attack" last month
Posted on 18 Feb 2013 at 08:55, by Gareth Halfacree
Facebook has confirmed that a "sophisticated attack" which saw employee laptops infected with malicious software reached the servers of its social network, but denies that any user details have been placed at risk.
The attack, which was detected by the company last month, saw "a handful of employees" tricked into visiting a compromised mobile developer site, which installed a malicious application onto their Facebook-provided laptops - despite the presence of an up-to-date operating system and fully operational anti-virus package. The culprit, Facebook's security department claims, was a previously unknown flaw in Oracle's Java software, which has since been patched.
"Facebook was not alone in this attack", the company said in a statement attributed to its security department. "It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means."
In mitigation, Facebook claims that it was quick to quarantine and clean the affected laptops as soon as the issue was detected, and states that there is "no evidence that Facebook user data was compromised". The latter is important: like advertising giant Google, Facebook holds a vast store of data on its users, from advertising tracking beacons to addresses, diary entries, private images and communications. The company also holds credit card and other payment details on those of its users who choose to spend money on the site's add-on apps and games.
According to Facebook's security department, all this data is safe - although the company is silent on what the purpose of the attack was, if not to steal personal data from Facebook's many users.
"As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack", the company concluded, "and how to prevent similar incidents in the future."