GO
Loading...

Facebook Reveals Hack Attack, Says User Data Not Compromised

Just two weeks after Twitter announced it was hacked, Facebook revealed that it was hacked last month in what it called "a sophisticated attack."

But the social network said, "We have found no evidence that Facebook user data was compromised."

An investigation is ongoing, and Facebook said it is "working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future."

(Read More: 10 Ways Companies Get Hacked.)

What happened?

Facebook said that a handful of employees visited a compromised mobile developer website. That compromised website allowed malware to be installed on their laptops.

Is Facebook at fault?

The company said the laptops were "fully-patched and running up-to-date anti-virus software." Furthermore, it said anti-virus software could not have prevented this attack, which was particularly sophisticated.

(Read More: How to Defend Against a Cyberattack.)

What does it mean for Facebook's one billion users?

At this point it means nothing. There's no reason to think that personal information was shared. The company is clearly sensitive to how terrible an information breach would be for user trust.

Daniel Acker | Bloomberg | Getty Images

But this latest hack attack does raise major concerns about all the personal information people share online. When Twitter was hacked, more than 250,000 accounts may have been accessed. After the Wall Street Journal was hacked, Rupert Murdoch pointed to the Chinese government.The New York Times and the Washington Post have also suffered recent attacks.

(Read More: Many Americans Fear Cyber Warfare: Survey.)

What can Facebook users do about what appears to be a growing problem?

After Twitter was hacked, the company recommended that users turn off Oracle's Java. Facebook also blames Java, saying, "we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware."

Facebook said that after it reported this to Oracle, it "confirmed our findings and provided a patch on February 1, 2013 that addresses this vulnerability."

(Read More: This Company Profits From Cyberwars.)

We're sure to hear more about the role that Java plays in hack attacks, and in the meantime, it could be worth turning off Java.

We'll also see what Facebook and the other companies it's working with—in what it calls "an informal working group"—can yield in the battle against the surging hacker threat.

—By CNBC's Julia Boorstin; Follow her on Twitter: @JBoorstin

Symbol
Price
 
Change
%Change
FB
---
ORCL
---

Featured

  • Working from Los Angeles, Boorstin is CNBC's media and entertainment reporter and editor of CNBC.com's Media Money section.