Facebook employees hit with malware
Attack exploits Java vulnerability; ‘no evidence’ of public user data access
Facebook Inc confirmed on Friday that laptops used by its employees had been compromised by malware when staff visited the infected website of a mobile software developer last month.
The incursion was detected when Facebook's network monitoring personnel unearthed a suspect domain and traced it to an employee's computer. The malware discovered on the machine made use of a known vulnerability within Oracle's Java runtime platform. The hole was resolved with a patch released by Oracle on 1 February.
Facebook stressed there was no evidence user data had been accessed, but Bloomberg reported yesterday that the social media company is working with the US Federal Bureau of Investigation (FBI) in an effort to determine the source of the attack.
"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," Facebook said.
Earlier this month Twitter revealed it had been subject to an attack and said that as many as 250,000 accounts may have been accessed, including the personal data attached to them. Other attacks on the websites of prominent newspapers The New York Times, The Washington Post, and The Wall Street Journal were attributed to Chinese hackers.