Facebook today admitted that its systems were hacked last month when staffers unknowingly installed malware to laptops. The social network called the attack sophisticated, but claimed that no user data was compromised.
"This attack occurred when a handful of employees visited a mobile developer website that was compromised," Facebook said in a statement posted today on its security blog. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops."
The social network identified the attack as a "zero day" Java exploit that allowed the website in question to bypass employees' security software and install the offending software. Oracle, which manages Java, was alerted to the vulnerability. The company issued a patch to fix the problem on February 1, Facebook said.
Despite only admitting to the hack after the fact, Facebook hopes to reassure users that their personal information was not passed on to attackers. "Foremost, we have found no evidence that Facebook user data was compromised," the company said.
Facebook said that it is in cooperation with law enforcement and has worked with other organizations that were victims of the same exploit.