Several Facebook employee laptops were infected in a “sophisticated attack” after they visited a compromised mobile developer’s site, the company wrote in a blog post Friday.
Facebook security discovered a “suspicious domain” in the company’s “DNS logs and tracked it back to an employee laptop.” Malware was found on the laptop, and then identified on several other employee laptops.
“As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day,” said Facebook.
“After analyzing the compromised website where the attack originated, we found it was using a ‘zero-day’ (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. …We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability,” Facebook said, adding, “We have found no evidence that user data was compromised.”
Twitter admitted that on Feb. 1, data for 250,000 users had been compromised.