Site behind Facebook Java hack apologises for inconvenience

News by Dan Raywood

The website behind the attack on Facebook has been identified.

The web development company behind the compromise of Facebook employees' laptops has apologised for the inconvenience and said that security is a top priority.

In a blog post, iPhoneDevSDK administrator Ian Sefferman said that the site had been alerted to the fact that it was "part of an elaborate and sophisticated attack whose victims included large internet companies". He said that, prior to media attention, it had no knowledge of the breach and had not been contacted by Facebook, any other company, or any law enforcement about the potential breach.

SC Magazine Australia reported that AllThingsD had named the responsible site as iPhoneDevSDK and while Facebook had not confirmed it was to blame, the website was previously down for maintenance. For a time, it displayed a malware warning message within the Chrome browser that said the page contains content from min.liveanalytics.org, a known malware distributor. “Visiting this page now is very likely to infect your computer with malware,” it said.

Facebook wrote in a blog last week that the compromised website hosted an exploit that then allowed malware to be installed on the employee laptops. “The laptops were fully patched and running up-to-date anti-virus software,” it said.

Sefferman said that the issue has nothing to do with Vanilla software, which it uses for its forums, and instead blamed a single administrator account that was compromised. “The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users' computers,” he said.

“We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on 30th January 2013.”

He concluded by saying that he was very sorry for the inconvenience, and thanked Vanilla Forums for its help in the matter, and Facebook after it reached out to them.
