Welcome to WebmasterWorld Guest from 50.17.114.227

Forum Moderators: httpwebwitch & not2easy

Message Too Old, No Replies

Facebook Says It Found No Evidence Of User Data Hacked

     
6:07 pm on Feb 16, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22287
votes: 236


After analyzing the compromised website where the attack originated, we found it was using a "zero-day" (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.

Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.

There are a few important points that people on Facebook should understand about this attack:

- Foremost, we have found no evidence that Facebook user data was compromised.

- We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.

Facebook Says It Found No Evidence Of User Data Hacked [facebook.com]
4:30 am on Feb 17, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member

joined:Apr 14, 2010
posts:3169
votes: 0


It looks like a "zero day" Java exploit is being blamed so Java's rep takes another beating and by sophisticated they mean they didn't target Facebook directly, they targeted employee laptops and used those to gain access instead.

A company is only as strong as the weakest link in their chain when it comes to hacking.