Forum site gives more details on Apple and Facebook hacks

Hackers allegedly accessed employee computers through a forum Web site for software developers -- the site's owner now reveals more about how the cyberattack happened.

Dara Kerr Former senior reporter

The popular forum site that hackers used to access employee computers at Apple and Facebook gave more details today on how the cyberattack happened.

The site's owner, Ian Sefferman, confirmed previous reports that hackers injected JavaScript into his site, iPhonedevsdk, and were then able to use a previously unknown exploit to access certain users' computers. He also said that the cyberattack most likely ended on January 30, 2013.

Apple revealed yesterday that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple." In a statement, the company said it discovered malware that made use of a vulnerability in a Java plug-in, and that it was sourced from a "website for software developers." Employee computers for Facebook and most likely dozens of other companies were also breached.

Here's more information from Sefferman:

What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users' computers.

We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.

As with Facebook, it's important to stress that we have no reason to believe user data was compromised.

Apple blocked Java from some of its Macs late last month using its XProtect antimalware tool and citing security vulnerabilities.

Roughly 40 companies have been victims of cyberattacks during the past several months. At least some of these hacks are thought to have originated in Eastern Europe, according to a report yesterday by Bloomberg. The supposed goal of these hackers was to steal companies' secrets, research, and intellectual property, which could then be hawked on the black market.

However, it's still unclear if all of the companies were targeted by one group of hackers or if they were isolated incidents. "We're continuing to work with Facebook, Vanilla, other targeted companies, and law enforcement to find out who is behind this sophisticated attack," Sefferman wrote.

CNET is not linking to iPhonedevsdk because of the hack. The URL to Sefferman's blog post is: http://iphonedevsdk.com/forum/site-news-announcements/111889-iphonedevsdk-compromised-what-happened-and-how-we-are-dealing-with-it.html.