Another high-profile company can now be added to the long list of companies that have experienced hacking attacks. Facebook just reported that it was hit by what it calls a “sophisticated attack” last month. This happened when a couple of its employees visited the mobile version of a developer website that had been compromised. The root cause, however, was a zero-day exploit that bypassed the Java sandbox and allowed malware to be installed on the computer in question. The company said that it immediately reported the exploit to Oracle, which released a patch on February 1.
Facebook went on to report that it has found no evidence that any user information was compromised as a result of this breach of its systems. The company said that it is working closely with the security teams of other companies and with government agencies to investigate the attack and learn how to prevent a similar occurrence in the future.
In its official blog post, the company said: “Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.”
Facebook was not the only company hacked during this period; other companies were attacked and infiltrated as well. The names of the affected companies have not been disclosed as of the moment. As one of the first companies to be attacked, the social networking giant immediately shared details of the attack with other companies so as to prevent any data breach.
The high security risk involved in using Java prompted the Department of Homeland Security to issue a warning last month telling people to disable it in their web browsers. A flaw in the software allows an attacker to remotely control an infected system. Although Oracle has since released a security patch for this, people are still advised to disable Java altogether if it really isn’t needed.