Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Employees' Laptops Compromised; User Data Believed Safe

Posted by timothy on from the safely-exploited-by-facebook dept.

Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employee's machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."

15 of 75 comments (clear)

  1. thats what happens when by Anonymous Coward · · Score: 2, Insightful

    you use windows as your dev environment

    1. Re: thats what happens when by cyber-vandal · · Score: 3, Informative

      It's "would have" you ignorant moron.

    2. Re: thats what happens when by Anonymous Coward · · Score: 2, Funny

      What's a "beehive asshole"?

  2. It's good they'll protect your data from thieves.. by Anonymous Coward · · Score: 4, Insightful

    but who's gonna protect people's data from Facebook itself?

  3. Safe? by DoofusOfDeath · · Score: 5, Insightful

    Given Facebook's MO, users should assume that anything Facebook, Inc. had access to is already in the hands of people you can't trust.

    Them being hacked is pretty irrelevant.

    1. Re:Safe? by KiloByte · · Score: 5, Funny

      Are you accusing Mark Zuckerberg of being a hacker?

      No, most hackers can be expected to have some basic integrity.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    2. Re:Safe? by Runaway1956 · · Score: 2

      Zuckerberg has successfully social-engineered about half the people in the US. Social engineering is a hacker skill, isn't it? People fall all over themselves to provide Zuck with their personal details.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  4. Wait, this increased security? by squiggleslash · · Score: 2

    Facebook's users finally have privacy because someone got in and hacked into Facebook's laptops? What did they do, disable the graph API?

    --
    You are not alone. This is not normal. None of this is normal.
    1. Re:Wait, this increased security? by oztiks · · Score: 2

      The word on the street is that they tied FB profile authentication in with their lobby entrance security systems, so unless you have a FB profile you can't enter the building.

  5. No user data was compromised by 2phar · · Score: 5, Funny

    Well, that's good to know. I'd hate to think of all those sensitive personal data falling into the hands of some evil corporation that would exploit it to make money with no concern for the privacy of the people involved.

  6. User data should never be decrypted. by elucido · · Score: 2, Interesting

    I don't see why it would be so difficult to keep user data safe. Keep it encrypted, use a VPN, stream the data to memory but never store any of it unencrypted.

  7. Useless articles by Anonymous Coward · · Score: 4, Insightful

    What's the point of these articles that announce that so and so company's systems have been hacked? They never contain any forensic information about the exploits other than to loosely identify the vulnerable software the bad guys used to get into the system. No identification of the malware installed, no identification of the OS's the laptop were running, no identification of any antivirus products that turned out to be completely useless in stopping the attacks. IOW, no goddamn information that would be useful to anyone who wanted protect themselves from attack, or at least detect whether their system were already compromised.

    The lack of forensic details about the attack provided by Facebook or any of the other companies hit with the java exploit causes great doubt about their claims that no user data was accessed.

  8. "zero day" is as bad as l337 speak by Anonymous Coward · · Score: 3, Interesting

    Can we all stop saying zero day? it's just an attempt to sound cool and hackish and it means nothing. it's a vulnerability, and it has an exploit and no patch is available, as opposed to unpatched.

    if they release new software that they brag is secure, and you have an exploit that already compromises a vuln, ok, you have a zero day because that's day one of something. then it makes sense. otherwise, it's false street cred and bravado.

  9. Who cares? by ilsaloving · · Score: 2

    Your data was spread across the 4 winds as soon as you started using Facebook.

    The only "problem" here is that your data has now been around the globe without Facebook getting to monetize the transaction.

  10. "User Data Safe" by Mark+Rawls · · Score: 3, Insightful

    I think that's the first time that the phrases "user data believed safe" and "Facebook" have been uttered in the same sentence.