The world’s most popular social site Facebook was hacked recently. Many of us may have experienced the down time. There were some messages to the effect that the site was down for maintenance. But now the official Facebook Security team has confirmed that the site was in fact hacked!
According to Facebook Security team, hackers had carried out a sophisticated attack on their systems. They discovered this loophole when their employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date antivirus software. The security team of Facebook reported the exploit to Oracle, who in turn released a patch.
However as far as the user data is concerned, Facebook has declared that it was in no way compromised. The investigation are still going on. The Facebook engineering teams along with the security teams of some other companies, and law enforcement authorities are involved in finding out the full details about the attack.
After analyzing the compromised website where the attack originated, Facebook found that it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware.
Says Facebook:
- There is no evidence that Facebook user data was compromised.
- Facebook will continue to work with law enforcement and the other organizations and entities affected by this attack.
This is not the first time that large social networking sites have been compromised. Recently 250000 accounts of Twitter were compromised.