Facebook reported late on Friday that its servers had been attacked in a "sophisticated attack" in January, but that it does not believe that users data was compromised. The company did not address why it took several weeks to alert the public.
Company staff routinely visit the websites of mobile program developers, and it was during such visits to a company's website that several of their employees computers had been attacked by a malicious code that had been implanted on that site. The name of that company and website was also not released.
"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement and began a significant investigation that continues to this day," the company announced Friday.
Some technology news websites are reporting that the Facebook hacking was an unknown type that used Java, which recently was reported to have security flaws.
In January, a cyber security branch of the U.S. government warned users to disable Java on their computers to protect against potential threats.
Facebook said it discovered that tother technology companies have been hacked by the same attack, and that it alerted them.
The attack on Facebook happened around the time that Twitter was hacked, exposing the user data of as many as 250,000 people.
As both social media giants have increasingly moved toward ecommerce or at least in-content advertising, these security breaches could increasingly include not just information about social aspects of people's lives, but also their credit card or bank account numbers.
For individual or business users, data that could potentially be breached also includes private messages sent through either the Facebook or Twitter systems. Accounting professionals in particular should be wary of sharing confidential information to clients via social media websites.