Social Media

Just like Twitter, Facebook admits it was a victim of a “sophisticated” zero-day hack in January

Just like Twitter, Facebook admits it was a victim of a “sophisticated” zero-day hack in January'

Facebook was the victim of a significant, sophisticated, and hitherto unseen, zero-day hack in January, according to a statement released by the company today.  The company says that the attack was discovered last month when “a handful of employees visited a mobile developer website that was compromised.”

Facebook says that it has found no evidence that users’ data was compromised.

The news comes just two weeks after Twitter admitted that it was also hacked.  Writing on its site at the time Twitter warned that its hack was not an “isolated incident” and that it believed that “other companies and organizations have also been recently similarly attacked.”

The Twitter hack resulted is some users’ user names and salted passwords being released. Anecdotally, Google’s Gmail service has also seen an increase in attempted hacks in the past number of weeks.

Writing on its press site the social network said police and security service have been informed are conducting an ongoing investigation.

“Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day. We have no evidence that Facebook user data was compromised in this attack.”

Facebook says its investigation has tracked down the domain which installed malware on employees’ laptops and conducted a “forensic examination” of the compromised laptops. The malware targeted the laptops’ Java services and was able to bypass some of the devices’ internal security systems.

According to Facebook, Oracle was able to produce a security patch on February 1 (the  day before Twitter reported its hack).

Echoing Twitter’s warning from February 2 Facebook says that it was not the only company to have been attacked;

“Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.”

While there is no confirmation that the Twitter and Facebook hacks are related it is likely the case.  It is also highly worrying that both sites should be targeted by what they both describe as “sophisticated hacks” at the same time.

This leads to the question: will we see more revelations from other social networks soon?

Click to add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Social Media'

Piers Dillon-Scott is co-editor of The Sociable and writes about stuff he finds. He likes technology, media, and using the Oxford comma (because it just makes sense).

More in Social Media


How Latin America reacts to Paris attacks on social media [Memes]

Tim HinchliffeNovember 23, 2015

Social media news filters dominate content as attention spans decline [Interview]

Emma RosserNovember 18, 2015

The Waiting Game: How People Planned a Night Out Before Smartphones Made Everything Easy

Guest ContributorOctober 29, 2015

A digital ‘magic looking glass’ for sharing updates from social hotspots to the conflict in Ukraine

Craig CorbettOctober 26, 2015
Modern business concept

Is Social Media Marketing Effective? Maybe Not As Much As You’d Think

Guest ContributorOctober 22, 2015
Twitter laptop

Twitter’s advice to marketers, “push while the door is open”

Piers Dillon ScottOctober 30, 2013

Facebook warnings everyone should know

Antonie GeertsOctober 29, 2013
sockies - Irish Social Media Awards

All the winners from the 2013 Irish Social Media Awards #sockies13

Piers Dillon ScottMay 30, 2013
Irish Social Media Awards

YouTube and HubSpot to award the best of Ireland’s social media #sockies

Piers Dillon ScottMay 13, 2013