Facebook was hacked last week in a zero-day Java attack that struck the laptops of several of its engineers, not long after the Twitter micro social networking website was hit in a similar attack.
Company said in an exclusive interview with Ars Technica that engineers became aware of the problem when a suspicious domain appear in the Facebook DNS request log. Requests were then tracked to the laptop of an engineer working on development of mobile apps.
Analysis of the files on the laptop then led to discovery of other system that had been attacked by malware installed by the hackers.
Systems that were infected by the malware were contained by a Facebook internal security team, according to the company.
Working with an outside security consulting firm, Facebook discovered “traffic coming from several other companies,” Chief Security Officer Joe Sullivan said in an exclusive interview with Ars Technica.
The attack appeared within the same period as that which exposed cryptographically hashed passwords at Twitter, engineers warned, and Twitter information security director Bob Lord urged users to disable Java in their browsers.
Affected firms in the Facebook attack meanwhile have been notified, and the case was turned over the federal law enforcement officials, Facebook said.