Want CNET to notify you of price drops and the latest stories?

Facebook says it was hacked, claims member data safe

In January, employees at the social network unknowingly downloaded malware that compromised the security of the site.

Jennifer Van Grove Former Senior Writer / News
Jennifer Van Grove covered the social beat for CNET. She loves Boo the dog, CrossFit, and eating vegan. Her jokes are often in poor taste, but her articles are not.
Jennifer Van Grove

Facebook today admitted that its systems were hacked last month when staffers unknowingly installed malware to laptops. The social network called the attack sophisticated, but claimed that no user data was compromised.

"This attack occurred when a handful of employees visited a mobile developer website that was compromised," Facebook said in a statement posted today on its security blog. "The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops."

The social network identified the attack as a "zero day" Java exploit that allowed the website in question to bypass employees' security software and install the offending software. Oracle, which manages Java, was alerted to the vulnerability. The company issued a patch to fix the problem on February 1, Facebook said.

Despite only admitting to the hack after the fact, Facebook hopes to reassure users that their personal information was not passed on to attackers. "Foremost, we have found no evidence that Facebook user data was compromised," the company said.

Facebook said that it is in cooperation with law enforcement and has worked with other organizations that were victims of the same exploit.