Facebook Inc. (NASDAQ:FB) discovered it was the victim of a “sophisticated attack” on its network last month, but the company delayed announcing the attack until Friday. It has assured users that no personal data has been compromised.
Facebook has revealed very little about the attack, but the company said in a statement that it was enabled by malware installed on the laptop personal computers of some of its employees who visited a mobile developer website that was compromised.
According to the company: “Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit, which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date antivirus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day. We have no evidence that Facebook user data was compromised in this attack.”
A Facebook representative also told Gizmodo via email, “We were able to investigate user data compromise [sic] by forensic analysis on the affected devices and infrastructure.”
At this point, it is unknown why Facebook waited a month to disclose any information about the attack.