#Facebook got hacked Anonymously.


 

Facebook said on Friday it had been the target of an unidentified hacker group, but it found no evidence that user data was compromised.

“Last month, Facebook security discovered that our systems had been targeted in a sophisticated attack,” the company said in a blog post published on Friday afternoon, just before the three-day Presidents Day weekend. “The attack occurred when a handful of employees visited a mobile developer website that was compromised.”

The social network, which says it has more than one billion active users worldwide, also said: “Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well.”

Facebook declined to comment on the motive or origin of the attack.

A security expert at another company with knowledge of the matter said he was told the Facebook attack appeared to have originated in China.

The FBI declined to comment, while the Department of Homeland Security did not immediately return a call seeking comment.

Facebook’s announcement follows recent cyber attacks on other prominent websites. Twitter, the microblogging social network, said earlier this month it had been hacked and that about 250,000 user accounts were potentially compromised, with attackers gaining access to information, including user names and email addresses.

Newspaper websites, including those of The New York Times (NYT.N), The Washington Post and The Wall Street Journal, have also been infiltrated. Those attacks were attributed by the news organizations to Chinese hackers targeting coverage of China.

While Facebook said no user data was compromised, the incident could raise consumer concerns about privacy and the vulnerability of personal information stored within the social network.

Facebook has made several privacy missteps over the years because of the way it handled user data and it settled a privacy investigation with federal regulators in 2011.

Facebook said it spotted a suspicious file and traced it back to an employee’s laptop. After conducting a forensic examination of the laptop, Facebook said it identified a malicious file, then searched company-wide and identified “several other compromised employee laptops.”

Another person briefed on the matter said the first Facebook employee had been infected via a website where coding strategies were discussed.

The company also said it identified a previously unseen attempt to bypass its built-in cyber defenses and that new protections were added on February 1.

Because the attack used a third-party website, it might have been an early-stage attempt to penetrate as many companies as possible.

If they followed established patterns, the attackers would learn about the people and computer networks at all the infected companies. They could then use that data in more targeted attacks to steal source code and other intellectual property.

In its statement, Facebook said the attack was launched using a “zero-day,” or previously unknown flaw, that got around the built-in protections in Java.

“Zero-day” attacks are rarely discovered and even more rarely disclosed. They are costly to launch and often suggest government sponsorship.

In January 2010, Google reported it had been penetrated via a “zero-day” flaw in an older version of the Internet Explorer Web browser. The attackers were seeking source code and were also interested in Chinese dissidents, and Google reduced its operations in the country as a result.

Attention to cybersecurity has ratcheted up since then and this week President Barack Obama issued an executive order seeking higher safety standards for critical infrastructure.

Other companies stand to benefit more from comprehensive legislation, which has stalled in Congress. Republicans have opposed additional regulations that would come with mandatory security standards.

 

[-TOI]

 

Twitter Hacked!! This time for Real!


Twitter is sending out emails to 250,000 users it says may have had their accounts compromised in the last week as the site experienced “unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data.” Twitter tells us that this is “not related” to the widespread, but intermittent, outage the site saw yesterday.

The text of the email is below. In its blog post on the hacking, Twitter recommends that all users make sure they have a secure enough password on their account. In truth, there still seem to be some big unanswered questions. Twitter notes that “attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords”, which can also be interpreted as “may not have had access”, or may not have had access to all of those different elements. The reader who sent in the letter below tells us that he had not seen any unusual activity on the account recently, so any password or other kinds of compromises had not yet translated into actions, for him at least.

One coincidence that appears to be emerging is that many of the people who have been affected were among some of the earliest adopters of Twitter. Our reader signed up in 2007, and we have heard similar reports from others receiving the email.

Twitter says that it believes that other websites may have been compromised.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Bob Lord, director of information security at Twitter, notes in the blog post. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”

Twitter would not comment on whether it had any information on which other companies may have had related attacks. By coincidence, Amazon also had an outage yesterday, although we understand that Amazon has determined that outside groups were not involved. Twitter does, however, refer to the security breaches at both the New York Times and the Wall Street Journal, as well as the recent security issues with Java in browsers, as examples of how hacking is everywhere (and to possibly deflect a little attention from what has just happened on its site).


Hi, ABCD

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.

You’ll need to create a new password for your Twitter account. You can select a new password at this link:

ABCDEF

As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password

Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).

In general, be sure to:

  • Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
  • Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
  • Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.

For more information, visit our help page for hacked or compromised accounts.

According To #Twitter

According to Twitter, it was hacked and 250K accounts were affected, so they received emails from the company to change their password. This is not the first time this has happened, but this time it was a real hack, rather than a blend of real hacks and “false alarm” blast of emails like last time.

Way to start off our weekends, Twitter. Who knows if you’ll even get the email from Twitter about it, I know that I filter all of those things out. You can read all of the details about the hack and the company response here.

I find it really confusing when anything like this happens, because it feels like companies try to diminish the perception of the impact of the situation. Fact of the matter is, its users are seeing sad tweets from their friends about how they got hacked. I even had one person tell me that they felt like they weren’t cool enough because they didn’t get hacked.

Instead, or in addition to, just go change your password. We’re all cool enough to get hacked. The number, 250K affected, seems a bit too tidy to me, and I’m not saying that Twitter is lying, I’m just saying that it’s better to be safe than sorry.

Twitter also suggests this course of action, which is way too much for most people’s brains to process on a Friday:

“We also echo the advisory from the U.S. Department of Homeland Security and security experts to encourage users to disable Java on their computers in their browsers.”

Sure, OK.

Happy Tweeting (Maybe)! While you’re at it, change all of your passwords for everything. It’s a good thing to do once in a while, especially if you use the same one for every single site you log into.

[-via TechCrunch]