World

Facebook admits hackers breached their systems

Intruders recently infiltrated the systems running the world's largest online social network but did not steal any sensitive information about Facebook's more than one billion users, according to a blog posting Friday by the company's security team.

Social network's security team says information on website's 1 billion users was not stolen

Facebook's security team wrote in a blog post Friday that intruders recently gained access to systems running the world's largest online social network, but failed to steal information. (Paul Sakuma/Associated Press)

Facebook is getting an unwelcome look at the shady side of the hacking culture that CEO Mark Zuckerberg celebrates.

Intruders recently infiltrated the systems running the world's largest online social network but did not steal any sensitive information about Facebook's more than one billion users, according to a blog posting Friday by the company's security team.

The revelation is the latest breach to expose the digital cracks in a society and an economy that is storing an ever-growing volume of personal and business data online.

The news didn't seem to faze investors. Facebook Inc.'s stock dipped 10 cents to $28.22 US in Friday's extended trading.

1 Hacker Way

The main building at Facebook's Menlo Park, Calif., headquarters lists its address as 1 Hacker Way. From there, Facebook serves as the gatekeeper for billions of potentially embarrassing photos and messages that get posted each month.

This time, at least, that material didn't get swept up in the digital break-in that Facebook said it discovered last month. The company didn't say why it waited until the afternoon before a holiday weekend to inform its users about the hack.

It was a sophisticated attack that also hit other companies, according to Facebook, which didn't identify the targets.

"As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," Facebook wrote on the blog.

Online short-messaging service Twitter acknowledged being hacked earlier this month. In that security breakdown, Twitter warned that the attackers may have stolen user names, email addresses and encrypted passwords belonging to 250,000 of the more than 200 million accounts set up on its service.

Late last month, both the New York Times and the Wall Street Journal — two of the three largest U.S. newspapers — said they were hit by China-based hackers believed to be interested in monitoring media coverage of topics that the Chinese government deemed important.

Facebook didn't identify a suspected origin of its hacking incident, but provided some details about how it apparently happened.

Malware installed on employee's laptops

The security lapse was traced to a handful of employees who visited a mobile software developer's website that had been compromised, which led to malware being installed on the workers' laptops. The PCs were infected even though they were supposed to be protected by the latest anti-virus software and were equipped with other up-to-date protection.

Facebook linked part of the problem to a security hole in the Java software that triggered a safety alert from the U.S. Department of Homeland Security last month. The government agency advised computer users to disable Java on their machines because of a weakness that could be exploited by hackers.

Oracle Corp., the owner of Java, has since issued a security patch that it says has fixed the problem. In its post, Facebook said it received the Java fix two weeks ago.

Facebook never mentioned the word "hack" in describing the breach. That, no doubt, was by design because hacking is a good thing in Zuckerberg's vernacular.

To most people, hacking conjures images of malevolent behaviour by intruders listening to private voicemails and villains crippling websites or breaking into email accounts.

Zuckerberg provided his interpretation of the word in a manifesto titled The Hacker Way that he included in the documents that the company filed for its initial public offering of stock last year.

"The word 'hacker' has an unfairly negative connotation from being portrayed in the media as people who break into computers," Zuckerberg wrote. "In reality, hacking just means building something quickly or testing the boundaries of what can be done."