Facebook hacked, says no user data compromised - CNN.com

Heather Kelly, CNN

Facebook says it has found no evidence that any user information was compromised in a hack last month.
STORY HIGHLIGHTS
  • Facebook says it was hacked in January when employees visited a compromised website
  • The social network has found no evidence that any user data was obtained by the hackers
  • This is the latest in a string of high-profile hacks this year

(CNN) -- Facebook says it was recently hacked, though it says no data about its more than a billion users was compromised.

The company described the "sophisticated attack" in a blog post on Friday, saying it took place in January when a small number of employees visited a compromised website that installed malware on their machines.

"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement and began a significant investigation that continues to this day," Facebook Security said in the post.

Facebook, the largest social network in the world, is the latest high-profile site to be hacked this year. Twitter announced a similar intrusion earlier this month, and major news organizations including The New York Times, Wall Street Journal and Washington Post have also admitted to being hacked.

The news sites attributed the breaches to hackers working for the Chinese government, but neither Facebook nor Twitter mentioned China when describing their attacks.

"Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well," said the blog post. "As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected."

Unlike Twitter, Facebook said it has found no evidence that any user information was compromised. Twitter said that user names, encrypted passwords and e-mail addresses for as many as 250,000 users were potentially grabbed by the hackers. It reset passwords for all affected accounts.

The string of hacks has primarily exploited vulnerabilities in the programming language Java, which is installed on most computers by default. Facebook said the site responsible for its attack took advantage of a previously unknown Java vulnerability, which Oracle patched on February 1.

In January, the Department of Homeland Security issued an alert about the security-challenged software and recommended people turn it off on their computers. Apple turned off Java by default for its OS X users as a precaution. Full instructions on how to disable Java on any computer can be found on Oracle's website. If you must use Java, make sure that you have downloaded the latest updates, which include key security patches.

Facebook said it will continue to work with law enforcement and others in the industry to prevent future attacks.
