
You'll Never Believe This Harmless-Looking Site Helped Hack Apple And Facebook

Feb 20, 2013, 23:56 IST

Looks harmless, right? (Image: Buzzfeed)

Recently, hackers have attacked a handful of popular websites like Facebook, Apple, and even select Twitter accounts.

While the culprit hasn't officially been identified, AllThingsD's Mike Isaac believes the attack stems from a harmless-looking website: iPhone Dev SDK (don't visit the site, unless you potentially want to be infected).

Isaac writes:

Many have visited one compromised website specifically devoted to sharing information related to mobile development — and it’s not just tech companies visiting the site.

iPhone Dev SDK is a resource frequented by many companies concentrating on the mobile space, and Isaac's Facebook sources say "malicious code injected into the HTML of the site used an exploit in Oracle’s Java plug-in to infect employee laptops."

Facebook addressed the issue last week in a blog post on security.

The social network confirmed that it found no evidence that Facebook user data was compromised but immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected.

Facebook has been the most open company about the hack, providing the most information about the attack and what it is doing to fix the issue.

Apple quietly released a Java security update yesterday to hopefully fix the issue for Mac users.

Buzzfeed's John Herman posted a statement from an administrator for iPhone Dev SDK:

Today, we were alerted that our site was part of an elaborate and sophisticated attack whose victims included large internet companies. We were alerted through the press, via an AllThingsD article, which cited Facebook. Prior to this article, we had no knowledge of this breach and hadn't been contacted by Facebook, any other company, or any law enforcement about the potential breach. You can read more about the attack via Facebook's blog post.

As the most widely read dedicated iOS developer forum, we're targeted for attacks frequently. Security is a top priority for us, which is one reason why we switched to Vanilla Forums to host our site last year. Vanilla manages security like pros, and I should be clear that -- as best we can tell right now -- this attack has nothing to do with their software.

Immediately, we were in contact with Facebook's security team, including Joe Sullivan, Facebook's Chief Security Officer, and his team, to learn what they knew. We also contacted Vanilla, our amazing forum hosts, to ensure the problem was not with their software.

What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users' computers.

We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.

As with Facebook, it's important to stress that we have no reason to believe user data was compromised.

Just to be sure, we've reset all users' passwords. Please use our Forgot Password feature the next time you log in to reset your password.

We're continuing to work with Facebook, Vanilla, other targeted companies, and law enforcement to find out who is behind this sophisticated attack.

We're very sorry for the inconvenience -- we'll work tirelessly to ensure your data's security now and in the future. I want to thank Vanilla Forums for their help in the matter and for keeping the site secure, as well as Facebook for their help quickly after we reached out.
