Facebook has disclosed that its service was attacked in January by some hackers “who want to disrupt or access our data and infrastructure.
“Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day”, it said.
It however said that it found no evidence that its user data was compromised.
It said that Facebook Security has a team dedicated to tracking threats and monitoring its infrastructure for attacks at all times.
“In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.”
Facebook said that after analyzing the compromised website where the attack originated, it found it was using a "zero-day" (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware.
“We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”
For Latest Updates Visit : http://www.facebook.com/pages/TelecomTiger/429104257149437 |