Facebook Gets Hacked, But No User Data Compromised

There sure has been a lot of hacking going on in recent weeks. Even major news outlets like The New York Times have joined the U.S. government in suspecting the Chinese military of attempting to solicit digital information, and this week, Facebook announced that it too has been the target of an attack. In a post erected to the company's Security portal, it confessed that while it invests heavily in protecting users and proactively preventing such attacks, one managed to slip by last month.

In Jan. 2013, Facebook Security noticed that its systems had been targeted in a sophisticated attack. Reportedly, it occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops, and as soon as Facebook discovered the presence of the malware, it "remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."

The good news, however, is that Facebook has found no evidence that user data was compromised. Here's a partial statement from Facebook:

"After analyzing the compromised website where the attack originated, we found it was using a "zero-day" (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.

Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means."

So, no need to fret, but now would be as good a time as any to update those passwords.