Facebook is the latest major Internet company to admit that it’s been victimized by hackers, but says it’s found no evidence that user information was compromised.
In a blog post this afternoon, Facebook says it discovered the hack last month after “a handful of employees” had visited a compromised website. The website hosted an exploit that installed malware on its employees’ computers.
“We have found no evidence that Facebook user data was compromised,” the post says in bold lettering.
Facebook says the episode was the result of a “sophisticated attack,” one that involved a zero-day Java exploit. Facebook’s Chief Security Officer, Joe Sullivan, tells Ars Technica that the hackers were “trying to move laterally into our production environment” and were able to access information from the employee laptops, such as corporate email/date and software code.
Two weeks ago, Twitter announced that it had been hacked and up to 250,000 users accounts may have been accessed. At the time, Twitter didn’t specifically say it was the result of a Java exploit, but the company did echo a Homeland Security advisory that users should disable Java in their browsers.
In both of their announcements — Twitter’s then and Facebook’s today — the companies agree that these are not isolated incidents.