How Facebook Got Hacked

Zero-Day Exploit Bypassed Java Protections to Install Malware

Even the most savvy information technologists aren't immune from cyber-attacks. Just ask Facebook. The social-media titan says it fell victim to a sophisticated attack discovered back in January 2013 in which an exploit allowed malware to be installed on employees' laptops. In a blog posted by Facebook Security, the company said it found no evidence that any of the social network's user data was compromised. Here's what happened at Facebook, according to the blog post:

Several Facebook employees visited a mobile developer website that was compromised. The compromised website hosted an exploit that then allowed malware to be installed on these employees' laptops. "The laptops were fully-patched and running up-to-date anti-virus software," the blog says. "As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement and began a significant investigation that continues to this day."

Facebook Security flagged a suspicious domain in its corporate DNS (Domain Name System) logs and tracked it back to an employee laptop. The security team conducted a forensic examination of that laptop and identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.

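The DNS-log pivot described above, as an added example (not Facebook's tooling and not code from the blog post): given one flagged domain, list every client that queried it or a subdomain, earliest first. The log layout, the function names, the domain and the addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in an assumed "timestamp client-ip qtype qname" layout.
SAMPLE_LOG = """\
2013-01-14T09:02:11 10.1.4.21 A www.example.com.
2013-01-14T09:05:40 10.1.4.37 A cdn.Flagged-Domain.example.
2013-01-14T09:05:41 10.1.4.37 A flagged-domain.example
2013-01-14T10:17:03 10.1.7.88 AAAA update.flagged-domain.example.
2013-01-14T10:20:00 10.1.9.12 A notflagged-domain.example.
garbage line that does not parse
2013-01-15T08:00:09 10.1.4.37 A flagged-domain.example.
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def matches(qname, flagged):
    """True for the flagged domain or any subdomain, never a mere substring."""
    # DNS names are case-insensitive and may carry a trailing root dot.
    q, f = (n.rstrip(".").lower() for n in (qname, flagged))
    return q == f or q.endswith("." + f)

def hosts_querying(log_text, flagged):
    """Return ([(client, {first, last, count})] earliest first, skipped_lines)."""
    hits = defaultdict(lambda: {"first": None, "last": None, "count": 0})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            ts = datetime.fromisoformat(m.group(1)) if m else None
        except ValueError:
            ts = None
        if ts is None:
            skipped += 1  # count unparsable lines so coverage gaps stay visible
            continue
        if not matches(m.group(4), flagged):
            continue
        h = hits[m.group(2)]
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["count"] += 1
    return sorted(hits.items(), key=lambda kv: kv[1]["first"]), skipped

if __name__ == "__main__":
    for client, h in hosts_querying(SAMPLE_LOG, "flagged-domain.example")[0]:
        print(client, h["first"].isoformat(), h["last"].isoformat(), h["count"])
```

The client with the earliest first-seen time is the natural starting point for the forensic examination; the skipped-line count shows how much of the log the sweep could not read.
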
Facebook found the site was using a previously unseen, zero-day exploit to bypass the Java sandbox (built-in protections) to install the malware. The social-media giant immediately reported the exploit to Oracle, which provided a patch that addressed the vulnerability.

"As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means," the blog says.

"It is in everyone's interests for our industry to work together to prevent attacks such as these in the future," Facebook says. It is the latest high-profile media company to reveal it has been victimized by intruders. The New York Times, Wall Street Journal, Twitter and Washington Post have previously reported their websites being attacked.

Read the full article here: http://www.inforisktoday.com/examining-how-facebook-got-hacked-a-5518