Facebook on Friday announced that it’s security was internally breached when employees visited a developer’s site that was infected with malware. No user accounts or information has been compromised and the attack deemed “highly sophisticated” is now being investigated.
This breach was due to a totally new and never reported before (zero day) exploit that somehow bypasses Java sandbox and loads malware on infected systems. This was reported to Oracle and the exploit has now been fully patched. The attack was deemed to have been originated from China and possible goal was to move in and hit the production systems within Facebook, but this however was stopped in very early stages.
As more and more systems are now cloud-based, this type of attacks will escalate regardless of the type of sites (though Facebook is a gold mine of personal information). Proactive monitoring and patching systems as well as rapid response to zero day exploits is the only way to go other then taking everything offline and locking it up. 🙂