STORY HIGHLIGHTS
- Facebook says it was hacked in January when employees visited a compromised website
- The social network has found no evidence that any user data was obtained by the hackers
- This is the latest in a string of high-profile hacks this year
The company described the "sophisticated attack" in a blog post on Friday, saying it took place in January when a small number of employees visited a compromised website that installed malware on their machines.
"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement and began a significant investigation that continues to this day," Facebook Security said in the post.
Facebook, the largest social network in the world, is the latest high-profile site to be hacked this year. Twitter announced a similar intrusion earlier this month, and major news organizations including The New York Times, Wall Street Journal and Washington Post have also admitted to being hacked.
The news sites attributed the breaches to hackers working for the Chinese government, but neither Facebook nor Twitter mentioned China when describing their attacks.
"Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well," said the blog post. "As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected."
Unlike Twitter, Facebook said it has found no evidence that any user information was compromised. Twitter said that user names, encrypted passwords and e-mail addresses for as many as 250,000 users were potentially grabbed by the hackers. It reset passwords for all affected accounts.
The string of hacks has primarily exploited vulnerabilities in the programming language Java, which is installed on most computers by default. Facebook said the site responsible for its attack took advantage of a previously unknown Java vulnerability, which Oracle patched on February 1.
In January, the Department of Homeland Security issued an alert about the security-challenged software and recommended people turn it off on their computers. Apple turned off Java by default for its OS X users as a precaution. Full instructions on how to disable Java on any computer can be found on Oracle's website. If you must use Java, make sure that you have downloaded the latest updates, which include key security patches.
Facebook said it will continue to work with law enforcement and others in the industry to prevent future attacks.