The same time the Wall Street Journal, New York Times and Twitter were attacked, there was a fourth company that also fell victim to a “sophisticated attack.”
Facebook, which is home to more than a billion users worldwide, was hit by a zero-day exploit that installed malware on a handful of their employees’ laptops. Apparently, the employees visited a mobile developer website that was compromised and hosted the zero-day exploit that bypassed their Java sandbox protections.
The company notes that they contacted Oracle regarding the attack and they responded with a patch that was released on February 1. They also say that all their employees’ computers had up-to-date virus protection, and that the affected computers were fixed and authorities were notified right away.
But the important thing here is, what about everyone’s data? Was that compromised in the attack? Facebook says no. “We have found no evidence that Facebook user data was compromised,” the company said in a statement on the site. But you really have to wonder, why did take so long to notify the public about the attack?
Investigations regarding the attack are still ongoing. Hopefully we don’t find out a month later that user data was compromised after all.