Everyone’s getting hacked these days: Apple, Twitter and Facebook have all been breached in recent days. And while we knew that the same group of hackers was most likely behind each attack few would’ve guessed the source of the hacks could be traced to a single website.
No ad to show here.
According to AllThingsD, Facebook’s investigation into its hack has revealed that all the employees affected had visited a single mobile development website.
The site, called iPhoneDevSDK, is frequented by many companies concentrating on the mobile space. After Facebook employees visited the site, say people close to the investigation, malicious code within the HTML of the site used an exploit in a Java plugin to infect employees’ laptops.
The site’s owner and operator Ian Sefferman said it was doing everything in its power to make sure that the site didn’t cause any security issues but added that Facebook had not contacted him about the exploit:
We’re investigating Facebook’s reports that iPhoneDevSDK was hosting an exploit targeted at Facebook employees. We’re actively ensuring that is not the case. Facebook originally noted that they immediately reached out to other affected companies, but we were never contacted by Facebook, any other company, or law enforcement. Our users’ security is incredibly important to us and we’ll be sure to follow the investigation through to completion.
The kind of hack reported by Apple does however suggest a single source. “Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” the Cupertino-based giant said.
If that single source is iPhoneDevSDK, it’s particularly worrying. The site isn’t just visited by big tech companies. Anyone wanting to build for iPhone would be able to use the resources on it. That means that any number of small mobile startups and independent developers could also be victims of the hack.
Facebook said as much in the wake of its own hacking saga late last week: “Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well.”
The difference is, those small companies and independent developers are a lot less likely to have the technology needed to lock down on the hack and stop it spreading to others in their network. Even scarier is that many of them won’t even know that they’ve been affected.