Facebook Hit With “Zero-Day” Exploit

Posted Feb 15, 2013

Today Facebook revealed that it fell victim to a hack attack. Although Facebook continuously invests in data and infrastructure, Facebook Security discovered that the company's systems had been targeted in a sophisticated attack. The attack occurred when several employees visited a mobile developer website that had been compromised.

The compromised website hosted an exploit that allowed malware to be installed on the employees' laptops, even though the laptops were patched and had up-to-date anti-virus software. When Facebook learned of the malware attack, it contacted law enforcement and started to investigate what was happening.

Most importantly, the company has not found any evidence that any Facebook user data was compromised.  Here is what Facebook Security wrote in the blog post:

Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.

After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.