Facebook on Friday said that it fell victim in January to sophisticated international hacking efforts, but has found no evidence that user data was released. The billion-user social network said that "Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well."
Both the new Facebook breach and
Twitter's attack were implemented using flaws in Java. Facebook said it was attacked when a handful of its employees visited a compromised site for mobile developers. Simply by visiting the site, their computers were infected with data collection and distribution tools.
Facebook said security experts spotted a suspicious file on the company network and traced it back to an employee's work-issued laptop. After conducting a forensic examination of the laptop's file structure, Facebook said it identified a maliciously crafted file. Following the discovery the company searched the entire company's IT infrastructure and identified "several other compromised employee laptops."
Facebook spokesman Fred Wolens said that the company delayed announcing the security breach until it had a chance to completely investigate. Wolans claimed the company was working with law enforcement to identify the perpetrators. A patch for the exploit was provided to Facebook by Oracle on February 1.