Facebook: Breach allowed malware installation

Follow us on Twitter @AJCBiz

Facebook revealed Friday that it was the victim of a breach when malware was installed on laptops used by employees who visited a mobile developers’ infected website last month.

The social network, with more than 1 billion users, said it found no evidence that user data or its infrastructure was compromised by the malware, which is software designed to damage or disable computers or computer systems.

Facebook said it is regularly the target of such attacks and “the vast majority of the time” it is able to block the efforts, but not last month, the company said in a posting on its website:

The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.

The company did not say the date the attack occurred or how many employee laptops were compromised. In the same posting, the company revealed how the malware was installed:

After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.

The Next Web noted that on Feb. 1 Oracle released Java 7 Update 13, a patch that addressed 50 vulnerabilities “because Oracle was notified of ‘active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers.’” Facebook said other sites were also attacked and infiltrated recently.

If you’re wondering why Facebook is only now revealing the malware problem, The Next Web thinks it has the answer.

The reason is simple: don’t share bad news until you have something good to say (in this case, that user data is safe as far as the company can tell right now, the malware has been removed, and the flawed software has been patched).

5 comments Add your comment


February 15th, 2013
8:56 pm

Myra Carson

February 15th, 2013
9:06 pm

My status posting are going crazy. FB is posting status updates from over a year ago instead of current status postings. I don’t know how to fix this. It is driving me nuts!!!!!


February 15th, 2013
9:11 pm

Hahahahahah! All the stupid id-juts that use Facebook…. you’re getting fleeced sheeples.

Fred ™

February 16th, 2013
7:25 am

Hell, Facebook IS malware. Biggest piece of spyware ever invented…….


February 21st, 2013
11:34 am

Fred, PERFECT description.