Facebook has officially announced that its website has been hacked in January with the “help” of a zero-day Java attack.
Facebook, the largest social networking website in the world, said that its security team has discovered that the systems were hacked by an unidentified group using a zero-day Java attack.
The hack occurred in January and it affected the whole site, but there is good news: user data has not been accessed by the hackers.
The website, which has more than one billion users, was not the only company targeted by hackers using the same exploit. Last month, The Wall Street Journal, The New York Times, The Washington Post, and Twitter were all attacked by hackers using zero-day Java exploit.
“No data was compromised”
This kind of attack installs malware on computers using an exploit in the Java code. According to Facebook, several of its employees visited a mobile developer’s website which was compromised.
When Twitter was hacked, it had reported that more than 250,000 accounts were compromised. However, the Facebook Security team confirmed that it did not find any indication that any user data had been compromised.
The company confirmed that it cleaned the computers and that the malware was not found on other devices or PCs. Moreover, Facebook contacted Oracle, Java’s developer after purchasing Sun, which released an update to correct the issue.
At the moment, there is no other security issue on Facebook. The social networking website adds that it is working on new projects that would remove the dependence on Java plug-ins. However, there are many businesses which rely on Java, therefore the process may take a while.
The law enforcement authorities were informed about the attack, while thousands of users had expressed their concerns. Although Facebook claims no data was compromised, the users have to take the company’s words for it. An official investigation needs to be started, in order to see whether the photo sharing website spoke the truth.
Too many security issues with Facebook and its assets, including Instagram
This attack had a bad timing, amid privacy concerns. Facebook is already accused of sharing too much user data with developers. Recently, one of the company’s most-prized assets, Instagram, changed its Terms of Service to match those found on Facebook. The new and controversial ToS were criticized by the users and a class-action lawsuit was filed against the photo sharing website.