Facebook says its engineers’ computers were hacked – last month

facebook hackedA handful of Facebook engineers were reportedly victims of a Java-based zero-day hack that riddled the computers in question with malware last month. Fortunately, Facebook figured out the existence of the malware before any further damage was done. But while the incident was reported a month ago, Facebook’s security team just got around to publishing a follow up blog post about the attack. Rest assured the social networks says it “found no evidence that Facebook user data was compromised.”

This zero-day exploit, meaning that this malware was never seen before, was discovered when Facebook “flagged a suspicious domain in [Facebook’s] corporate DNS logs and tracked it back to an employee laptop.” Facebook’s Chief Security Officer, Joe Sullivan, tells Ars Technica that the malware was piggybacking on the HTML of a compromised popular mobile developer Web forum and it could infect both Mac and Windows computers.

Anyone visiting the original site would have contracted the malware, which seemed to be the case since Facebook wasn’t the only victim. Facebook, however, hasn’t divulged what other companies have been affected.

According to Facebook, there wasn’t much that could have been done to protect the laptops other than not having visited the infected site in the first place. “The laptops were fully-patched and running up-to-date anti-virus software.” Since the exploit was a zero-day attack in the first place, anti-virus software wouldn’t have been able to detect and protect infected computers. The vulnerability in Java that unknowingly left the door open for this type of malware has since been patched by Oracle on February 1.

Companies with infected computers were notified of the malware, and Facebook is currently working with law enforcement to track down the culprit.

Our personal data may not have been stolen, but Facebook reports that the malware looked like it was peeking into what the social network was working on. So whatever information the affected Facebooks engineers had or accessed on their computers, including code, corporate data, and emails, was stolen.

Java has been on the receiving end of criticism recently. Just last week, another zero-day Java exploit was discovered, although by then it was too late and the attack was already running “arbitrary code” on infected systems. These aren’t the first string of attacks on Java and definitely not the end. And the realization about Java’s many vulnerabilities that are waiting to be discovered will no doubt motivate copycat hackers. To steer clear of possibly compromising your system, you can disable Java on your browser altogether – and that’s a recommendation straight from the U.S. Department of Homeland Security.

Product Review

'Black Ops 4' outshines the games it copies with that Call of Duty polish

Call of Duty: Black Ops 4’s omission of a campaign could have been a deal breaker, but multiplayer, Zombies, and the new Blackout mode make it one of the best shooters of the year.
Computing

Apple CEO demands Bloomberg retract its Chinese surveillance story

Apple CEO Tim Cook is calling on Bloomberg to retract a story alleging that Apple had purchased compromised servers that allowed the Chinese government to spy on Apple. Apple's investigation found no truth to the story.
Mobile

The Kindle Paperwhite is waterproof, so now you can read it in the tub

Amazon released a new version of the Kindle Paperwhite ebook reader, boasting improved software, more storage, and a feature that customers have been asking for: Waterproofing.
Emerging Tech

What the heck is machine learning, and why is it everywhere these days?

Machine learning has been responsible for some of the biggest advances in artificial intelligence over the past decade. But what exactly is it? Check out our handy beginner's guide.
Social Media

3D Facebook photos jump out of the newsfeed, no glasses needed

You're not seeing things -- that photo in your Facebook newsfeed is 3D. Launching today, 3D Facebook Photos use the depth maps from dual-lens smartphones to add dimension to an image as you move your phone.
Social Media

Instagram is testing a new way for you to look through your feed

Instagram is constantly tweaking its app to help give its users the best experience possible, so how do you like the sound of tapping — instead of swiping — to look through your feed?
Computing

Was your Facebook account hacked in the latest breach? Here’s how to find out

Facebook now reports that its latest data breach affected only 30 million users, down from an initial estimate of 50 million accounts. You can also find out if hackers had accessed your account by visiting a dedicated portal.
Mobile

Hinge's new feature wants to know who you've gone out on dates with

With its new "We Met" feature, Hinge wants to learn how your dates are going with matches in its app. That way, it can inject the information into its algorithm to provide future recommendations that better suit its users' preferences.
Social Media

Like a pocketable personal stylist, Pinterest overhauls shopping tools

Pinterest shopping just got a bit better with a trio of updates now rolling out to Pinterest. The first replaces Buyable Pins with Product Pins for more features, including knowing whether or not a product is in stock.
Smart Home

Facebook’s new Portal device can collect your data to target your ads

Facebook confirmed that its new Portal smart displays, designed to enable Messenger-enabled video calls, technically have the capability to gather data on users via the camera and mic onboard.
Social Media

YouTube is back after crashing for users around the world

It's rare to see YouTube suffer serious issues, but the site went down around the world for a period of time on October 16. It's back now, and we can confirm it's loading normally on desktop and mobile.
Social Media

Twitter has sorted out those weird notifications it was sending

Twitter started churning out weird notifications of seemingly nonsensical letters and numbers to many of its users on Tuesday morning. The bizarre incident even prompted Twitter boss Jack Dorsey to get involved.
Photography

Adobe MAX 2018: What it is, why it matters, and what to expect

Each year, Adobe uses its Adobe MAX conference to show off its latest apps, technologies, and tools to help simplify and improve the workflow of creatives the world over. Here's what you should expect from this year's conference.
Home Theater

Facebook might be planning a streaming box for your TV that watches you back

Facebook is reportedly working on a piece of streaming media hardware for your living room with a built-in camera for video calls, something people may not want given the company's recent controversies.