Is one site to blame for all the recent hacks on big tech companies?

email article email article print article print article tip @techmeme

Hacker

Everyone’s getting hacked these days: Apple, Twitter and Facebook have all been breached in recent days. And while we knew that the same group of hackers was most likely behind each attack few would’ve guessed the source of the hacks could be traced to a single website.

According to AllThingsD, Facebook’s investigation into its hack has revealed that all the employees affected had visited a single mobile development website.

The site, called iPhoneDevSDK, is frequented by many companies concentrating on the mobile space. After Facebook employees visited the site, say people close to the investigation, malicious code within the HTML of the site used an exploit in a Java plugin to infect employees’ laptops.

The site’s owner and operator Ian Sefferman said it was doing everything in its power to make sure that the site didn’t cause any security issues but added that Facebook had not contacted him about the exploit:

We’re investigating Facebook’s reports that iPhoneDevSDK was hosting an exploit targeted at Facebook employees. We’re actively ensuring that is not the case. Facebook originally noted that they immediately reached out to other affected companies, but we were never contacted by Facebook, any other company, or law enforcement. Our users’ security is incredibly important to us and we’ll be sure to follow the investigation through to completion.

The kind of hack reported by Apple does however suggest a single source. “Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” the Cupertino-based giant said.

If that single source is iPhoneDevSDK, it’s particularly worrying. The site isn’t just visited by big tech companies. Anyone wanting to build for iPhone would be able to use the resources on it. That means that any number of small mobile startups and independent developers could also be victims of the hack.

Facebook said as much in the wake of its own hacking saga late last week: “Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well.”

The difference is, those small companies and independent developers are a lot less likely to have the technology needed to lock down on the hack and stop it spreading to others in their network. Even scarier is that many of them won’t even know that they’ve been affected.

email article email article print article print article

Related Articles on the Web

Most popular articles

Topics for this article


Share
  • BURN MEDIA TV

    WATCH THE LATEST EPISODE NOW
    Latest Episode
    Data woes? Here's 6 data saving tips for your smartphone

MORE HEADLINES

news

VIEW MORE

interviews

VIEW MORE

future trends

VIEW MORE

entrepreneurship

VIEW MORE

social media

VIEW MORE

facebook

VIEW MORE

twitter

VIEW MORE

google

VIEW MORE

advertising & marketing

VIEW MORE

online media

VIEW MORE

design

VIEW MORE

mobile

VIEW MORE

More in News

Sina says WeChat will dig into Weibo usage, but reckons it has critical mass

Read More »