Facebook has revealed that it was the victim of a “sophisticated attack” that led to malware being installed on employees’ computers. A Facebook security post reveals that the hackers exploited a previously undetected flaw in Java’s built-in security mechanism to infect the developer site, which in turn infected the computers of the Facebook employees.
The Facebook post states that it has reported the matter to Oracle (the company behind Java) and that a security patch has already been issued to resolve the vulnerability. Facebook claims that it has found no evidence to suggest that any data pertaining to Facebook users has been compromised and reveals that it wasn’t the only company to suffer from the attack. Although Facebook didn’t reveal the names of the other companies that were also targeted, PC Mag points out that Twitter had also suffered a similar attack recently, one that it had blamed on Java browser plug-ins. However, in Twitter’s case, the attack did result in user credentials being exposed.
Java has suffered the brunt of hacker attacks in recent weeks resulting in many companies either recommending users to turn off Java plug-ins in their browsers or outright banning Java plug-ins from working on browsers. Oracle was only able to get Apple to unblock Java from working on Safari after releasing multiple security updates within the span of a couple of weeks. Unfortunately, Java still remains an important component in many web applications and will undoubtedly remain the target of hackers in the future.