Zero Day Java Vulnerability Compromises Computers of Facebook Employees

Last month, a number of major companies, such as the New York Times, the Washington Post and, most recently, Twitter, revealed that they had been targeted by hackers, leading to some form of data breach.
In a recent development, Facebook has now also revealed that some of its employees' computers were hacked using a Java exploit. In a blog post penned yesterday, Facebook's security team says:
[…] In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.
After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware.
The computers were compromised when the victims visited a mobile developer website that had itself been compromised to host a zero-day exploit, which installed malware on the victims' PCs. Facebook contacted Oracle regarding the exploit, and Oracle released a patch for it on February 1st.
Facebook says that other companies were targeted in a similar manner and they are working with the affected companies and law enforcement officials to track the source of the attack.
And most importantly for us, there is no evidence that any kind of user data was exposed. Well, that’s a relief!
Original Source: Facebook
