Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Employees' Laptops Compromised; User Data Believed Safe

Posted by timothy on from the safely-exploited-by-facebook dept.

Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employee's machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."

5 of 75 comments (clear)

  1. It's good they'll protect your data from thieves.. by Anonymous Coward · · Score: 4, Insightful

    but who's gonna protect people's data from Facebook itself?

  2. Safe? by DoofusOfDeath · · Score: 5, Insightful

    Given Facebook's MO, users should assume that anything Facebook, Inc. had access to is already in the hands of people you can't trust.

    Them being hacked is pretty irrelevant.

    1. Re:Safe? by KiloByte · · Score: 5, Funny

      Are you accusing Mark Zuckerberg of being a hacker?

      No, most hackers can be expected to have some basic integrity.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  3. No user data was compromised by 2phar · · Score: 5, Funny

    Well, that's good to know. I'd hate to think of all those sensitive personal data falling into the hands of some evil corporation that would exploit it to make money with no concern for the privacy of the people involved.

  4. Useless articles by Anonymous Coward · · Score: 4, Insightful

    What's the point of these articles that announce that so and so company's systems have been hacked? They never contain any forensic information about the exploits other than to loosely identify the vulnerable software the bad guys used to get into the system. No identification of the malware installed, no identification of the OS's the laptop were running, no identification of any antivirus products that turned out to be completely useless in stopping the attacks. IOW, no goddamn information that would be useful to anyone who wanted protect themselves from attack, or at least detect whether their system were already compromised.

    The lack of forensic details about the attack provided by Facebook or any of the other companies hit with the java exploit causes great doubt about their claims that no user data was accessed.