Facebook says no user data compromised after ‘sophisticated attack’

Posted at 2:21 PM, Feb 17, 2013
and last updated 2013-02-17 14:21:29-05

(CNN) – Facebook says it was recently hacked, though it says no data about its more than a billion users was compromised.

The company described the “sophisticated attack” in a blog post on Friday, saying it took place in January when a small number of employees visited a compromised website that installed malware on their machines.

“As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement and began a significant investigation that continues to this day,” Facebook Security said in the post.

Facebook, the largest social network in the world, is the latest high-profile site to be hacked this year. Twitter announced a similar intrusion earlier this month, and major news organizations including The New York Times, Wall Street Journal and Washington Post have also admitted to being hacked.

The news sites attributed the breaches to hackers working for the Chinese government, but neither Facebook nor Twitter mentioned China when describing their attacks.

“Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well,” said the blog post. “As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected.”

Unlike Twitter, Facebook said it has found no evidence that any user information was compromised. Twitter said that user names, encrypted passwords and e-mail addresses for as many as 250,000 users were potentially grabbed by the hackers. It reset passwords for all affected accounts.

The string of hacks has primarily exploited vulnerabilities in the programming language Java, which is installed on most computers by default. Facebook said the site responsible for its attack took advantage of a previously unknown Java vulnerability, which Oracle patched on February 1.

In January, the Department of Homeland Security issued an alert about the security-challenged software and recommended people turn it off on their computers. Apple turned off Java by default for its OS X users as a precaution. Full instructions on how to disable Java on any computer can be found on Oracle’s website. If you must use Java, make sure that you have downloaded the latest updates, which include key security patches.

Facebook said it will continue to work with law enforcement and others in the industry to prevent future attacks.