Just like Twitter, Facebook admits it was a victim of a “sophisticated” zero-day hack in January

piers.scott@sociable.co

Facebook was the victim of a significant, sophisticated, and hitherto unseen zero-day hack in January, according to a statement released by the company today. The company says that the attack was discovered last month when “a handful of employees visited a mobile developer website that was compromised.”

Facebook says that it has found no evidence that users’ data was compromised.

The news comes just two weeks after Twitter admitted that it was also hacked. Writing on its site at the time, Twitter warned that its hack was not an “isolated incident” and that it believed that “other companies and organizations have also been recently similarly attacked.”

The Twitter hack resulted in some users’ user names and salted passwords being released. Anecdotally, Google’s Gmail service has also seen an increase in attempted hacks in the past number of weeks.

Writing on its press site, the social network said police and security services have been informed and are conducting an ongoing investigation.

“Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day. We have no evidence that Facebook user data was compromised in this attack.”

Facebook says its investigation has tracked down the domain which installed malware on employees’ laptops and conducted a “forensic examination” of the compromised laptops. The malware targeted the laptops’ Java services and was able to bypass some of the devices’ internal security systems.

According to Facebook, Oracle was able to produce a security patch on February 1 (the day before Twitter reported its hack).

Echoing Twitter’s warning from February 2, Facebook says that it was not the only company to have been attacked:

“Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.”

While there is no confirmation that the Twitter and Facebook hacks are related, it is likely the case. It is also highly worrying that both sites should be targeted by what they both describe as “sophisticated hacks” at the same time.

This leads to the question: will we see more revelations from other social networks soon?

@pdscott

Piers Dillon-Scott is co-editor of The Sociable and writes about stuff he finds. He likes technology, media, and using the Oxford comma (because it just makes sense).
