SecurityTube

Facebook hit by 'sophisticated attack'; Java zero-day exploit to blame

JB

Facebook was hacked last month, the company said today, but was keen to stress that they have not found any evidence that user data was compromised.

In the note, the one-billion strong social network—the largest in the world—said that while it is "frequently targeted by those who want to disrupt or access our data and infrastructure," company employee laptops became infected after visiting a Web site containing malware.

Facebook said that it suffered at the hands of a Java zero-day exploit that was able to bypass the software's sandbox—a system that keeps whatever applet is running in a safe place away from system files.

This was reported to Oracle and has since been fixed. It is believed that Java 7 (Update 13) fixed the exploit, which was released on February 1, according to timing, but Facebook did not go into specifics.