Skip to main content

Facebook says its engineers’ computers were hacked – last month

facebook hackedA handful of Facebook engineers were reportedly victims of a Java-based zero-day hack that riddled the computers in question with malware last month. Fortunately, Facebook figured out the existence of the malware before any further damage was done. But while the incident was reported a month ago, Facebook’s security team just got around to publishing a follow up blog post about the attack. Rest assured the social networks says it “found no evidence that Facebook user data was compromised.”

This zero-day exploit, meaning that this malware was never seen before, was discovered when Facebook “flagged a suspicious domain in [Facebook’s] corporate DNS logs and tracked it back to an employee laptop.” Facebook’s Chief Security Officer, Joe Sullivan, tells Ars Technica that the malware was piggybacking on the HTML of a compromised popular mobile developer Web forum and it could infect both Mac and Windows computers.

Related Videos

Anyone visiting the original site would have contracted the malware, which seemed to be the case since Facebook wasn’t the only victim. Facebook, however, hasn’t divulged what other companies have been affected.

According to Facebook, there wasn’t much that could have been done to protect the laptops other than not having visited the infected site in the first place. “The laptops were fully-patched and running up-to-date anti-virus software.” Since the exploit was a zero-day attack in the first place, anti-virus software wouldn’t have been able to detect and protect infected computers. The vulnerability in Java that unknowingly left the door open for this type of malware has since been patched by Oracle on February 1.

Companies with infected computers were notified of the malware, and Facebook is currently working with law enforcement to track down the culprit.

Our personal data may not have been stolen, but Facebook reports that the malware looked like it was peeking into what the social network was working on. So whatever information the affected Facebooks engineers had or accessed on their computers, including code, corporate data, and emails, was stolen.

Java has been on the receiving end of criticism recently. Just last week, another zero-day Java exploit was discovered, although by then it was too late and the attack was already running “arbitrary code” on infected systems. These aren’t the first string of attacks on Java and definitely not the end. And the realization about Java’s many vulnerabilities that are waiting to be discovered will no doubt motivate copycat hackers. To steer clear of possibly compromising your system, you can disable Java on your browser altogether – and that’s a recommendation straight from the U.S. Department of Homeland Security.

Editors' Recommendations

How to block people on Snapchat
The Snapchat app store listing on a mobile device with a stylus resting on it.

Sometimes to maintain your peace on social media apps you need to block certain users from being able to contact you. On Snapchat, you might need to block a friend or just prevent strangers from contacting you at all. We can show you how to do both and how to unblock people if you change your mind later.

Let's take a look at how to block people on Snapchat.

Read more
How to post a Short on YouTube
Two mobile devices showing two people dancing in YouTube Shorts videos.

Shorts are short-form videos and they're basically YouTube's answer to TikTok. And similar to how you can create and post TikTok videos using the TikTok app, you can record, edit, and post Shorts directly from the YouTube mobile app.

And in this guide, we're going to show you how to do just that. Keep reading to learn how to post a Short on YouTube.

Read more
Hive Social is my favorite Twitter alternative, but that’s not saying much
iPhone 14 Pro in hand showing off profile page on Hive Social app

Ever since Elon Musk bought Twitter, it seems that the once-favorite social media site has just been going down in flames. It’s a sad sight to see — fake news and misinformation running rampant from paid “verified” accounts, restoration of formerly banned accounts (they were banned for good reason), and so much other stuff that I just can’t keep up anymore. With all of these changes, there’s been a rise in alternatives to Twitter, like the incredibly popular Mastodon.

I prefer something simpler, like the new Hive Social that has recently made waves. Think of Twitter and Instagram, and what you would end up with if you combined the two. There’s also a little dash of Myspace in there, as you can even add some music to your profile page. I’ve been poking around on Hive Social since I joined a week ago, and while I’ve been enjoying my time there, I also noticed a few things along the way.
Hive reminds me of the early days of Twitter
OnePlus 10T Andy Boxall/Digital Trends

Read more