Facebook targeted by cybercriminals, claims no user data compromised

Social media giant Facebook has become the latest target of malicious cybercriminals, in news that may be of interest to any business concerned about vulnerability management.

In a blog post published by the Facebook Security team on February 16, it was confirmed that the website's systems had been targeted as part of a "sophisticated attack" in January 2013.

According to Facebook no user data was compromised during that attack, and the company is now working with law enforcement agencies in order to prevent similar such incidents from occurring.

The attack purportedly occurred when Facebook employees visited a website belonging to a mobile developer which had already been compromised by cybercriminals.

From there, malware was installed on the aforementioned employee's laptops – which Facebook claims were fully patched and running up to date software.

"Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure. As such, we invest heavily in preventing, detecting, and responding to threats that target our infrastructure, and we never stop working to protect the people who use our service," reads the Facebook blog post, which can be viewed here.

"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."

While Facebook chooses not to release official user number data, it was confirmed in October 2012 that over one billion people have now signed up for an account with the website.

Users often choose to store personal information on their Facebook accounts, including email addresses, phone numbers and personal photographs.

Technology experts have predicted that a major data breach would be hugely damaging to Facebook's reputation, with the website often having been the subject of controversy regarding user privacy in the past.

If your organisation is concerned about the potential impact of a data breach or other such cyber security incident, it may be prudent to consider investing in a security audit evaluation in the near future.

According to Facebook it was not the only organisation targeted in this attack, and the Facebook Security Team says it has now moved to share information regarding the exploit with other affected parties.

It has also referred users who believe they have identified a flaw in Facebook security to report it immediately to the website's ethical hacking 'Bug Bounty Program', which offers financial rewards to anybody able to identify a potential vulnerability in the website.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s