Facebook Hacked In 'Sophisticated Attack,' Company Reveals | HuffPost

Facebook Hacked In 'Sophisticated Attack,' Company Reveals

By

Technology reporter, The Huffington Post

|

Facebook said Friday that its internal computer network was breached in "a sophisticated attack" last month, but said no user data was compromised.

The attack occurred when employees of the social network visited an infected website belonging to a mobile developer. The compromised site downloaded malicious software, or malware, onto employees' laptops. Facebook did not name the developer whose website caused the attack.

"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," the company said in a blog post Friday.

"Facebook was not alone in this attack," the post said. "It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.

Facebook said it was working with its engineers and outside security experts to "learn everything we can about the attack, and how to prevent similar incidents in the future."

The employees whose laptops were hacked were running up-to-date antivirus software. But Facebook said the hacker used what is called a "zero day" exploit, or a piece of malicious software that had never been used before, making it impossible for security tools to stop it.

Facebook is one of a few companies who pay security researchers to report flaws in its code that could be exploited by hackers for malicious purposes. But those financial rewards, known as "bug bounties," are far less than what researchers can earn by selling "zero day" attacks on the black market, experts say.

Facebook said it reported the malware to Oracle, which makes the Java software that the attackers were able to bypass to infect the employees' laptops. Oracle has since fixed the flaw that led to the attack.

But Oracle has faced growing criticism for flaws in Java -- a programming language that is widely used by website designers -- that allows hackers to break into users' computers and install malware. The Russian security company Kaspersky Lab has said that Oracle's Java software was responsible for about half of all cyber attacks last year.

Many security experts and the Department of Homeland Security have advised users to disable Java from their Web browsers. An article on Slate.com offers instructions to users on how to disable it from their browser to avoid getting hacked.

Our 2024 Coverage Needs You

As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.

Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.

Contribute as little as $2 to keep our news free for all.

Can't afford to donate? Support HuffPost by creating a free account and log in while you read.

Support HuffPost

Before You Go

7 Ways You Might Be Oversharing On Facebook

You Luv 'Call Me Maybe'(01 of07)

Remember when you were having that really bad day and blasted Carly Rae Jepsen's "Call Me Maybe" 23 times on Spotfiy? Yeah... well, we witnessed that low moment via your Facebook profile's ticker, the real-time mini feed located in the upper right hand corner of Facebook pages.If you don't want to share your (possibly embarrassing) musical preferences with your Facebook friends, make sure to turn off the "Share to Facebook" button (at the top right of your Spotify desktop app).

You Can't Resist Clicking On Sketchy, Sexy Video Links(02 of07)

Some Facebook apps, like Socialcam, are designed to make you click on content by using sleazy, eye-catching headlines. "Socialcam's 'trending' videos read like a bunch of crossovers between the 'American Pie' franchise and 'Jackass,'" The Washington Post wrote in June. If you're a SocialCam user, remember that the spam-like titles of videos you view automatically pop up on your profile, so your friends all might know when you've watched "CraZy ThReeSom!" or "Two Wasted Chicks" last week.

You Can't Get Enough Sideboob In Your News(03 of07)

Glancing at a juicy article on how Miley Cyrus flashed some sideboob? While this wouldn't phase some Facebook users, others would prefer not to have anything with the word "sideboob" published on their profiles or in friends' News Feeds. Facebook's social reader apps track the articles you read, and with permission you grant when first downloading the app, then post the stories automatically to your wall. So be wary of those scandalous headlines promising half-naked pictures.

How Old You Are(04 of07)

Some people love getting birthday wishes via Facebook. But putting your your full date of birth on any social networking site means strangers are privy to information that can be used to steal your identity. If you want to keep your birthday up online, consider taking the safe route and nix the year. (credit:AP)

You Went Out Boozin' Every Night Last Week(05 of07)

Friends or apps can now tag your location via Facebook. But maybe you don't want everyone to know you're visiting that neighborhood dive bar for the fourth night this week. "There isn't a specific setting to block people from tagging you in a post that includes a location," Facebook's site reads. This means if you don't want your whereabouts known, you'll have to change your Timeline setting to approve all tags before they're posted, or manually remove the tags once they've been published.

You Are Addicted To Artsy Pics Of Beaches And Breakfast Food(06 of07)

Photo-sharing app Instagram is relatively direct in telling you where your pictures are posted. But you might unknowingly be photo-spamming your friend's Facebook feeds by letting the app re-post every picture you "like" onto Facebook. And things could get a little dicey depending on what types of images you view.Luckily this feature is easy to change. Just go into the settings options on your Instagram app, click the "Share Settings" tab and turn off the setting that shares "Liked" photos to your Facebook timeline. (credit:AP)

What Your Kids' Names Are(07 of07)

Tagging or naming younger children on Facebook can be a dangerous move. Similar to putting your full birthday on the interent, you could be offering up too much information and enabling a breach of privacy. "If your child isn't on Facebook and someone includes his or her name in a caption, ask that person to remove the name," Consumer Reports advises. (credit:AP)

Suggest a correction

|

From Our Partner

HuffPost Shopping's
Best Finds

This Affordable Drugstore Cream Might Be The Closest Thing To The Famous La Mer

39 Products For Anyone In Their Quiet Luxury Era, But On A Budget

29 Pairs Of Shoes Reviewers Say Make It Feel Like You’re 'Walking On Clouds'

This $17 French Moisturizer Is Amazon’s Best-Kept Beauty Secret

12 Shorts For Men That Aren't Too Long And Don't Look Dumb