{"id":642734,"date":"2013-02-15T17:46:49","date_gmt":"2013-02-15T22:46:49","guid":{"rendered":"http:\/\/gigaom.com\/?p=611411"},"modified":"2013-02-15T17:46:49","modified_gmt":"2013-02-15T22:46:49","slug":"the-hacker-way-runs-both-directions-facebook-suffers-from-a-malware-attack","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/642734","title":{"rendered":"The Hacker Way runs both directions: Facebook suffers from a malware attack"},"content":{"rendered":"

Mark Zuckerberg likes to expound on the \u201cHacker Way\u201d as the ethos of his social networking company<\/a>, but Facebook recently encountered some hackers of a more unfriendly nature. Facebook revealed on Friday that it was the target of a malicious attack last month. In a blog post, Facebook stated that the threat was contained and that it found no evidence that Facebook user data was compromised.<\/p>\n

Here\u2019s an excerpt from the blog post<\/a> (emphasis Facebook\u2019s):<\/p>\n

\n

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.<\/p>\n

We have found no evidence that Facebook user data was compromised.<\/strong><\/p>\n

As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future.<\/p>\n<\/blockquote>\n

The blog post went on to say that the malware exploited a previously unknown, or \u201czero day,\u201d vulnerability in its Java sandbox software to plant itself in multiple employees\u2019 PCs. Facebook\u2019s security team traced the attack to a suspicious domain, and then informed Java overlord Oracle, which then provided a patch on Feb. 1 to fix the vulnerability.<\/p>\n

Facebook added that it wasn\u2019t the only company targeted the attack, but it was one of the first to identify it. The social network said it is working closely with law enforcement and the other targeted companies, but so far the hacker group hasn\u2019t been identified.<\/p>\n

Note that Facebook didn\u2019t say for certain that no user data was stolen. It only said it found no evidence of data being compromised. Nor did Facebook provide any details on what data the hackers had access to. We\u2019ll update this story as we learn more.<\/p>\n

\"\"<\/p>\n

<\/a><\/p>\n

Related research and analysis from GigaOM Pro:<\/strong>
Subscriber content. Sign up for a free trial<\/a>.<\/p>\n