Facebook Hit By 'sophisticated' Attack, Says No Data Compromised

[News_Editor]

Facebook hit by 'sophisticated' attack, says no data compromised < br />

2013-02-17 00:56:43 GMT+7 (ICT)

MENLO PARK, CALIFORNIA (BNO NEWS) -- The social networking website Facebook on Friday revealed it was the target of a "sophisticated attack" by hackers but said no user data was compromised. It comes just weeks after Twitter also revealed it was the victim of a cyber attack.

Facebook said the attack occurred last month when several of its employees visited a developer's website that had been compromised. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops," the social media giant wrote on its security blog.

The website was using a previously unseen exploit to bypass built-in protections in Java's sandbox, allowing the malware to install itself despite the affected laptops running up-to-date anti-virus software. "As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," the company said.

Oracle, which owns the Java software, provided a patch on February 1 that addresses the vulnerability.

Facebook said its security team found no evidence that user data was compromised but said other businesses had been attacked and infiltrated as well. "We will continue to work with law enforcement and the other organizations and entities affected by this attack," the blog post said.

Earlier this month, the social networking website Twitter also revealed it was also the victim of a cyber attack that exploited a vulnerability in Java software. That attack allowed hackers to access user names, e-mail address, session tokens, and encrypted passwords for approximately 250,000 users.

-- © BNO News All rights reserved 2013-02-17

[chrisinth]

This should make some people sit up and pay attention to the security measures they take on their hardware. I say hardware because it is no longer just Window based devices at risk. It appears that both the Twitter and Facebook attacks were through vulnerabilities in Java which is probably one of the biggest used applications in use today, not very good for Java.

The problems with the social network world, and I for one would endorse the concept of them in their original form, is that the hosts have got greedy by "forcing" the user to expand their networks through pressure. More clicks on the website, more revenue for the host! When an exploit like this comes along, the security sections are hoping that the compromize is minimal, but judging by the wording of the report, they are not sure how deep it has penetrated.

[crazydrummerpauly]

'Anonymous' can crash anything that irks them or goes after them. They brought down Paypal and Visa when they stopped processing donations for Wikileaks, so it goes way beyond social media - anyone or any company who claims to be offering complete security/safety on the 'net should not be believed.