Facebook confirms it suffered a "sophisticated attack" last month

 

Gallery

Posted on 18 Feb 2013 at 08:55, by Gareth Halfacree

Facebook has confirmed that a "sophisticated attack" which saw employee laptops infected with malicious software reached the servers of its social network, but denies that any user details have been placed at risk.

The attack, which was detected by the company last month, saw "a handful of employees" tricked into visiting a compromised mobile developer site, which installed a malicious application onto their Facebook-provided laptops - despite the presence of an up-to-date operating system and fully-operational anti-virus package. The culprit, Facebook's security department claims, was a previously unknown flaw in Oracle's Java software, which has since been patched.

"Facebook was not alone in this attack", the company said in a statement attributed to its security department. "It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means."

In mitigation, Facebook claims that it was quick to quarantine and clean the affected laptops as soon as the issue was detected, and states that there is "no evidence that Facebook user data was compromised". The latter is important: like advertising giant Google, Facebook holds a vast store of data on its users from advertising tracking beacons to addresses, diary entries, private images and communications. The company also holds credit card and other payment details on those of its users who choose to spend money on the site's add-on apps and games.

According to Facebook's security department, all this data is safe - although the company is silent on what the purpose of the attack was, if not to steal personal data from Facebook's many users.

"As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack" the company concluded, "and how to prevent similar incidents in the future."