Facebook has confirmed it was targeted by a "sophisticated attack" last month but maintains no user data was compromised.

Facebook Hacked - No User Data Compromised
Facebook is the latest company to admit it has been the target of sophisticated attacks by hackers. (Credit: Reuters)

A month after Twitter reported that it had been targeted by hackers, Facebook has admitted that its systems were compromised after several employees visited a developer website which had been hacked.

The website in question hosted an exploit which meant malware was downloaded and installed to the computers of the Facebook staff in question.

A statement posted this evening (15 February) on Facebook said: "The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."

Facebook said it had found no evidence that Facebook user data was compromised, though it believes it was not alone in being targeted:

"It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected."

Targets

Facebook is the latest in a long line of high profile organisations to be targetted by hackers. Last month it was revealed that 250,000 Twitter accounts had been compromised with Twitter saying the attack "was not the work of amateurs."

Last week it was revealed that media outlets including the New York Times, Wall Street Journal and Washington Post had all been the target of sophisticated attacks by hackers believed to be based in China.

Facebook has a dedicated team to track threats and monitor the company's infrastructure for attacks. Last month the team flagged a suspicious domain in its corporate DNS logs and tracked it back to an employee laptop.

Examination

After conducting a forensic examination of that laptop, Facebook identified a malicious file, and having conducted a company-wide search, flagged several other compromised employee laptops.

Following analysis of the breach, it was discovered that the website used a Java zero-day exploit which by-passed the in-built security on Facebook's systems. Facebook has informed Oracle of the newly discovered flaw in Java and it provided a patch for the exploit on 1 February.

Java is one of the most commonly exploited pieces of software and security experts regularly recommend users disable Java unless it is a necessity.