The social network identified the attack as a “zero day” Java exploit that allowed the website in question to bypass employees’ security software and install the offending software. Oracle, which manages Java, was alerted to the vulnerability. The company issued a patch to fix the problem on February 1, Facebook said.
Despite only admitting to the hack after the fact, Facebook hopes to reassure users that their personal information was not passed on to attackers. “Foremost, we have found no evidence that Facebook user data was compromised,” the company said.
Read more: Facebook says it was hacked, claims member data safe - CNET