Social networking giant Facebook revealed on Friday that its IT systems were compromised in a sophisticated, targeted attack. No customer data was stolen in the attack, however.
"Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack," the company said on its blog. "This attack occurred when a handful of employees visited a mobile developer website that was compromised."
The website had itself been compromised, and when the employees visited it, the site remotely installed malware on their laptops using a previously unknown "zero-day" exploit of the Java programming platform.
"The laptops were fully-patched and running up-to-date anti-virus software," Facebook said. "As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."
Facebook said it discovered the breach when it spotted a suspicious domain in its corporate Internet history.
The Palo Alto, California-based company said it found no evidence that user data was compromised in the attack. While it did not speculate as to the origins of the attack, it said that "Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well."
"In Facebook’s case they claim no data loss, which is difficult to guarantee, unless data access is regulated with proper controls," said Barry Steiman, senior security strategist at Imperva, in a statment.
"Facebook is considered a young company employing brilliant minds that are very good at what they do, and as a technology driven company most of its employees would be considered technology aware. And yet, a malware drive-by has caused a breach."