Facebook Admits Network Was Hacked by Java Bug

February 16, 2013

By Cynthia Herbert :: 4:29 PM

“Facebook” and “hacked”. Two words that most of us don’t ever want to see put together, due to how much information and portions of our lives we’ve trusted the social network with.

But that’s exactly what happened late last month to the world’s largest social network, as it became the victim of a sophisticated attack that exploited a zero-day bug in Java software. A zero-day attack exploits a previously unknown vulnerability in a software application, meaning that the attack occurred on “day zero” of awareness of the software’s vulnerability to attack.

In this case, some Facebook developers had their company-issued computers infected after they had visited a third-party mobile developer website. Unbeknownst to the Facebook employees, hackers had compromised the developer website and installed malicious code that could exploit a security hole in the Java plugin of their web browsers. The exploit was then able to install some malware programs onto the Facebook employee computers.

Facebook released a statement about the incident, saying that the attack did not expose any Facebook user data and that it was confined to the laptops of a small number of Facebook developers.

In general, Facebook has been very public and forthcoming about the hacking attempt and how it handled the aftermath. The attack occurred within the same timeframe as the exploit that exposed passwords on Twitter. While Twitter was not as publicly open about how that attack happened or how it was discovered, it did mention a Java browser plugin exploit, and urged users to disable Java functionality in their browsers.