Facebook hacked ‘in a sophisticated attack’

Tim Reid, Joseph Menn | Reuters

Facebook Inc. said on Friday it had been the target of an unidentified hacker group, but it found no evidence that user data was compromised.

“Last month, Facebook security discovered that our systems had been targeted in a sophisticated attack,” the company said in a blog post posted on Friday afternoon, just before the three-day Presidents Day weekend. “The attack occurred when a handful of employees visited a mobile developer website that was compromised.”

The social network, which says it has more than one billion active users worldwide, also said: “Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well.”

Facebook declined to comment on the motive or origin of the attack.

A security expert at another company with knowledge of the matter said he was told the Facebook attack appeared to have originated in China.

The FBI declined to comment, while the Department of Homeland Security did not immediately return a call seeking comment.

Facebook’s announcement follows recent cyber attacks on other prominent websites. Twitter, the microblogging social network, said earlier this month it had been hacked and that about 250,000 user accounts were potentially compromised, with attackers gaining access to information, including user names and e-mail addresses.

Newspaper websites, including those of The New York Times, The Washington Post and The Wall Street Journal, have also been infiltrated. Those attacks were attributed by the news organizations to Chinese hackers targeting coverage of China.

While Facebook said no user data was compromised, the incident could raise consumer concerns about privacy and the vulnerability of personal information stored within the social network.

Facebook has made several privacy missteps over the years because of the way it handled user data and it settled a privacy investigation with federal regulators in 2011.

Facebook said it spotted a suspicious file and traced it back to an employee’s laptop. After conducting a forensic examination of the laptop, Facebook said it identified a malicious file, then searched company-wide and identified “several other compromised employee laptops.”

Another person briefed on the matter said the first Facebook employee had been infected via a website where coding strategies were discussed.

The company also said it identified a previously unseen attempt to bypass its built-in cyberdefences and that new protections were added on Feb. 1.

Because the attack used a third-party website, it might have been an early-stage attempt to penetrate as many companies as possible.

If they followed established patterns, the attackers would learn about the people and computer networks at all the infected companies. They could then use that data in more targeted attacks to steal source code and other intellectual property.

In its statement, Facebook said the attack was launched using a “zero-day,” or previously unknown flaw in its software that exploited its Java built-in protections.

“Zero-day” attacks are rarely discovered and even more rarely disclosed. They are costly to launch and often suggest government sponsorship.

In January, 2010, Google reported it had been penetrated via a “zero-day” flaw in an older version of the Internet Explorer Web browser. The attackers were seeking source code and were also interested in Chinese dissidents, and Google reduced its operations in the country as a result.

Attention to cybersecurity has ratcheted up since then and this week President Barack Obama issued an executive order seeking higher safety standards for critical infrastructure.

Other companies stand to benefit more from comprehensive legislation, which has stalled in Congress. Republicans have opposed additional regulations that would come with mandatory security standards.
