Skip to main content

Facebook says its engineers’ computers were hacked – last month

facebook hackedA handful of Facebook engineers were reportedly victims of a Java-based zero-day hack that riddled the computers in question with malware last month. Fortunately, Facebook figured out the existence of the malware before any further damage was done. But while the incident was reported a month ago, Facebook’s security team just got around to publishing a follow up blog post about the attack. Rest assured the social networks says it “found no evidence that Facebook user data was compromised.”

This zero-day exploit, meaning that this malware was never seen before, was discovered when Facebook “flagged a suspicious domain in [Facebook’s] corporate DNS logs and tracked it back to an employee laptop.” Facebook’s Chief Security Officer, Joe Sullivan, tells Ars Technica that the malware was piggybacking on the HTML of a compromised popular mobile developer Web forum and it could infect both Mac and Windows computers.

Recommended Videos

Anyone visiting the original site would have contracted the malware, which seemed to be the case since Facebook wasn’t the only victim. Facebook, however, hasn’t divulged what other companies have been affected.

According to Facebook, there wasn’t much that could have been done to protect the laptops other than not having visited the infected site in the first place. “The laptops were fully-patched and running up-to-date anti-virus software.” Since the exploit was a zero-day attack in the first place, anti-virus software wouldn’t have been able to detect and protect infected computers. The vulnerability in Java that unknowingly left the door open for this type of malware has since been patched by Oracle on February 1.

Companies with infected computers were notified of the malware, and Facebook is currently working with law enforcement to track down the culprit.

Our personal data may not have been stolen, but Facebook reports that the malware looked like it was peeking into what the social network was working on. So whatever information the affected Facebooks engineers had or accessed on their computers, including code, corporate data, and emails, was stolen.

Java has been on the receiving end of criticism recently. Just last week, another zero-day Java exploit was discovered, although by then it was too late and the attack was already running “arbitrary code” on infected systems. These aren’t the first string of attacks on Java and definitely not the end. And the realization about Java’s many vulnerabilities that are waiting to be discovered will no doubt motivate copycat hackers. To steer clear of possibly compromising your system, you can disable Java on your browser altogether – and that’s a recommendation straight from the U.S. Department of Homeland Security.

Francis Bea
Former Digital Trends Contributor
Francis got his first taste of the tech industry in a failed attempt at a startup during his time as a student at the…
Bluesky finally adds a feature many had been waiting for
A blue sky with clouds.

Bluesky has been making a lot of progress in recent months by simplifying the process to sign up while at the same time rolling out a steady stream of new features.

As part of those continuing efforts, the social media app has just announced that users can now send direct messages (DMs).

Read more
Reddit just achieved something for the first time in its 20-year history
The Reddit logo.

Reddit’s on a roll. The social media platform has just turned a profit for the first time in its 20-year history, and now boasts a record 97.2 million daily active users, marking a year-over-year increase of 47%. A few times during the quarter, the figure topped 100 million, which Reddit CEO and co-founder Steve Huffman said in a letter to shareholders had been a “long-standing milestone” for the site.

The company, which went public in March, announced the news in its third-quarter earnings results on Tuesday.

Read more
Worried about the TikTok ban? This is how it might look on your phone
TikTok splash screen on an Android phone.

The US Supreme Court has decided to uphold a law that would see TikTok banned in the country on January 19. Now, the platform has issued an official statement, confirming that it will indeed shut down unless it gets some emergency relief from the outgoing president.

“Unless the Biden Administration immediately provides a definitive statement to satisfy the most critical service providers assuring non-enforcement, unfortunately TikTok will be forced to go dark on January 19,” said the company soon after the court’s verdict.
So, what does going dark mean?
So, far, there is no official statement on what exactly TikTok means by “going dark.” There is a lot of speculation out there on how exactly the app or website will look once TikTok shutters in the US.

Read more