Facebook Gets Hacked, But No User Data Compromised
In Jan. 2013, Facebook Security noticed that its systems had been targeted in a sophisticated attack. Reportedly, it occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops, and as soon as Facebook discovered the presence of the malware, it "remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."
The good news, however, is that Facebook has found no evidence that user data was compromised. Here's a partial statement from Facebook:
"After analyzing the compromised website where the attack originated, we found it was using a "zero-day" (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.
Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means."
So, no need to fret, but now would be as good a time as any to update those passwords.