Facebook Hacked Via Java Flaw…. Time To Change Your Password
The title sounds alarmist, but these days you never know the extent of any hack. Thus it’s better to be safe than sorry. In any case, The news leaked out yesterday that Facebook was hacked:
“Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack,” the blog post reads. “We have found no evidence that Facebook user data was compromised. As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future.”
Lovely, what makes this scary is the fact that the site was hacked via a Java vulnerability:
The lesson, for those who haven’t heard it several dozen times already: Disable Java in your browser. (Security blogger Brian Krebs offers a useful guide to disabling Java in any browser here.) Oracle has made clear over the last year that it can’t or won’t suss out and patch the endless collection of hackable flaws in its most widespread consumer program. In multiple cases the company has sat on information about a vulnerability in the software for months, allowing attackers to take advantage of the bug to compromise users via invisible browser-based attacks.
For those of you keeping score at home, Twitter was hacked in a similar way not too long ago. You can bet that Oracle is going to get a phone call about this.
Another thing that troubles me is the fact that this happened a month ago, but they’re only letting the world know now. That’s a #fail. I’m a big believer that companies should disclose this sort of thing when they happen for the security of their users. I also believe that if they don’t want to do that on their own, there should be laws that require it with stiff penalties if they don’t. As it stands now, a lot of Facebook users are wondering if any of their personal info has fallen into the hands of evil doers.