Facebook’s security team has confirmed that Facebook was hacked, but has assured users that their data was not compromised during the hack. The hack is said to have been caused by malware that spread via a popular mobile developers’ website, which a number of employees accessed from inside the company’s firewall.
Following the attacks on The Wall Street Journal, Twitter and The New York Times, Facebook has now confirmed that it was one of the few companies hacked last month. Even though Facebook’s security team is strong, the social network was hacked by malware that bypassed the Java sandbox and gave the hackers access to the internal networks. Oracle, which manages the Java sandboxing for Facebook, provided a patch for this vulnerability immediately after the hack was reported, and the issue now seems to have been fixed inside the offices of the world’s largest social network.
The Facebook security team issued a statement today saying that it did not find any evidence of user data being compromised during this hack. The statement also notes that the team was trying to sinkhole the incoming traffic from the command server. Interestingly, the malware was smart enough to draw traffic from many other companies as well, making it difficult for the team to trace its origin. Facebook’s Chief Security Officer, Joe Sullivan, noted that Facebook notified the companies that were under attack and also referred the case to federal law enforcement.
Going into more detail, Joe Sullivan revealed that the attack was detected when the team found traces of a different domain name in the name service request logs on its servers. The malware was downloaded when Facebook engineers visited a particular developers’ website, which had the malware injected into the site’s header. It was also observed that the attack happened around the same time Twitter and other websites were being hacked.
The malware used the victim’s computer to download other malware onto the system, and it seemed to spread itself automatically on the victim’s machine (on both Windows and Mac computers).