The popular forum site that hackers used to access employee computers at Apple and Facebook gave more details today on how the cyberattack happened.
Apple revealed yesterday that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple." In a statement, the company said it discovered malware that made use of a vulnerability in a Java plug-in, and that it was sourced from a "website for software developers." Employee computers for Facebook and most likely dozens of other companies were also breached.
Here's more information from Sefferman:
We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.
As with Facebook, it's important to stress that we have no reason to believe user data was compromised.
Apple blocked Java from some of its Macs late last month using its XProtect antimalware tool and citing security vulnerabilities.
Roughly 40 companies have been victims of cyberattacks during the past several months. At least some of these hacks are thought to have originated in Eastern Europe, according to a report yesterday by Bloomberg. The supposed goal of these hackers was to steal companies' secrets, research, and intellectual property, which could then be hawked on the black market.
However, it's still unclear if all of the companies were targeted by one group of hackers or if they were isolated incidents. "We're continuing to work with Facebook, Vanilla, other targeted companies, and law enforcement to find out who is behind this sophisticated attack," Sefferman wrote.
CNET is not linking to iPhonedevsdk because of the hack. The URL to Sefferman's blog post is: http://iphonedevsdk.com/forum/site-news-announcements/111889-iphonedevsdk-compromised-what-happened-and-how-we-are-dealing-with-it.html.