Facebook has known about its own breach for at least a month, according to people close to the investigation, but it was unclear why the company waited this long to announce it. Fred Wolens, a Facebook spokesman, said the company wanted to fully investigate the source of the breach before disclosing it. Mr. Wolens said the company was still working closely with law enforcement to determine the source of the attacks.
Facebook admitted that it was breached by sophisticated hackers in recent weeks, two weeks after Twitter made a similar admission. Both Facebook and Twitter were breached through a well-publicized vulnerability in Oracle’s Java software.
In a blog post late Friday afternoon, Facebook said it was attacked when a handful of its employees visited a compromised site for mobile developers. Simply by visiting the site, their computers were infected with malware. The company said that as soon as it discovered the malware, it cleaned up the infected machines and tipped off law enforcement.
“We have found no evidence that Facebook user data was compromised,” Facebook said.
On Feb. 1, Twitter said hackers had breached its systems and potentially accessed the data of 250,000 Twitter users. The company suggested at that time that it was one of several companies and organizations to be have been similarly attacked.
Facebook has known about its own breach for at least a month, according to people close to the investigation, but it was unclear why the company waited this long to announce it. Fred Wolens, a Facebook spokesman, declined to comment.
[…]
